CVE-2021-36548

A remote code execution RCE vulnerability in the component /admin/index.php?id=themes=edittemplate=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file...

Monstra cross-site scripting vulnerability (CNVD-2021-46870)

Monstra is a lightweight content management system CMS. A stored cross-site scripting vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Site Name" field under the "Site Settings" module...