Monstra: Security Vulnerabilities
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-13
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-09-13
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2018-09-12
Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-12
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
CVSS Score: 6.1 | EPSS Score: 0.2 | Published: 2018-09-12
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2018-09-10
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via admin/index.php?id=users&action=edit&user_id=1, an Insecure Direct Object Reference (IDOR).
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2018-09-10
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-08-14
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-06-05
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-05-25

