RSS   Vulnerabilities for 'Monox'   RSS

2020-04-29
 
CVE-2020-12473

CWE-269
 

 
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.

 
 
CVE-2020-12472

CWE-79
 

 
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.

 
 
CVE-2020-12471

CWE-502
 

 
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

 
 
CVE-2020-12470

CWE-552
 

 
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.

 

 >>> Vendor: MONO 3 Products
MONO
XSP
Monox


Copyright 2024, cxsecurity.com

 

Back to Top