5 matches found
CVE-2023-29839
A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
CVE-2024-36775
A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...
Monstra CMS 跨站脚本漏洞
Monstra is a lightweight content management system CMS. A cross-site scripting vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the page function in admin/index.php...
CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php...