3 matches found
CVE-2024-36775
Monstra CMS 3.0.4 is affected by an XSS vulnerability in the Edit Profile page, where crafted payloads placed into the About Me field can execute arbitrary web scripts/HTML. The issue stems from reflecting or injecting content via the About Me parameter, enabling potential code execution in the c...
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...