Vulnerability CVE-2018-6550


Published: 2018-02-02

Description:
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Monstra
Product: Monstra 
Version: 3.0.4;

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b
https://github.com/monstra-cms/monstra/issues/427

Related CVE
CVE-2018-16820
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
CVE-2018-17026
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
CVE-2018-17025
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
CVE-2018-17024
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
CVE-2018-16978
Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
CVE-2018-16977
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
CVE-2018-14922
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.

Copyright 2018, cxsecurity.com

 

Back to Top