MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
7.2CVSS
7.3AI Score
0.001EPSS
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
9.8CVSS
9.8AI Score
0.014EPSS
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
5.4CVSS
5.2AI Score
0.001EPSS
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.
7.2CVSS
7.2AI Score
0.001EPSS