Shodan
Vulnerabilities
Vulnerable Software
Monstra:  Security Vulnerabilities
CVE-2018-11472
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVSS Score
6.1
EPSS Score
0.009
Published
2018-05-25
CVE-2018-11473
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVSS Score
6.1
EPSS Score
0.023
Published
2018-05-25
CVE-2018-11474
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVSS Score
8.0
EPSS Score
0.011
Published
2018-05-25
CVE-2018-11475
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
CVSS Score
8.0
EPSS Score
0.011
Published
2018-05-25
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
CVSS Score
4.8
EPSS Score
0.029
Published
2018-04-16
CVE-2018-10121
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.
CVSS Score
4.8
EPSS Score
0.007
Published
2018-04-16
CVE-2018-10109
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
CVSS Score
4.8
EPSS Score
0.022
Published
2018-04-16
CVE-2018-9037
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
CVSS Score
8.8
EPSS Score
0.029
Published
2018-04-10
CVE-2018-9038
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
CVSS Score
6.5
EPSS Score
0.098
Published
2018-04-10
CVE-2018-6550
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-02-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved