CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

337 matches found

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

5.4CVSS6.6AI score0.26418EPSS

Exploits1References3

Nuclei•added 19 hours ago•48 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.6AI score0.00365EPSS

Exploits0References4

Nuclei•added 19 hours ago•22 views

Monstra CMS <=3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.6AI score0.01825EPSS

Exploits1References5

NVD•added 2026/02/05 5:16 p.m.•4 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

8.8CVSS0.00116EPSS

Exploits2References2

ATTACKERKB•added 2026/02/05 12:0 a.m.•2 views

CVE-2025-69906

8.6AI score0.00116EPSS

Exploits2References3

CNNVD•added 2026/02/05 12:0 a.m.•4 views

Monstra CMS 安全漏洞

Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...

8.8CVSS7.7AI score0.00116EPSS

Exploits2References2

CVE•added 2026/02/05 12:0 a.m.•7 views

CVE-2025-69906

CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...

8.8CVSS8.6AI score0.00116EPSS

Exploits2References2Affected Software1

Positive Technologies•added 2026/02/05 12:0 a.m.•2 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

8.8CVSS6AI score0.00116EPSS

Exploits2References6

GithubExploit•added 2026/02/04 9:48 p.m.•140 views

Exploit for CVE-2025-69906

make it a readme.md to paste into it CVE-2025-69906: Monstra...

8.8CVSS6.5AI score0.02034EPSS

Exploits6

Packet Storm•added 2026/02/04 12:0 a.m.•122 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. ============================================================================================================================================= | Title : Monstra CMS 3.0.4 shell upload Vulnerability | | Author : indoushka | |...

5.4AI score

Exploits0