Filtered by vendor Monstra
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2017-18048 | 1 Monstra | 1 Monstra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | |||||