RSS   Vulnerabilities for 'Monstra'   RSS

2018-05-25
 
CVE-2018-11475

CWE-384
 

 
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.

 
 
CVE-2018-11474

CWE-384
 

 
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.

 
 
CVE-2018-11473

CWE-79
 

 
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).

 
 
CVE-2018-11472

CWE-79
 

 
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).

 
2018-04-16
 
CVE-2018-10121

CWE-79
 

 
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.

 
 
CVE-2018-10118

CWE-79
 

 
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.

 
 
CVE-2018-10109

CWE-79
 

 
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.

 
2018-04-10
 
CVE-2018-9038

CWE-264
 

 
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.

 
 
CVE-2018-9037

CWE-434
 

 
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.

 
2018-02-02
 
CVE-2018-6550

CWE-79
 

 
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.

 


Copyright 2018, cxsecurity.com

 

Back to Top