Shodan
Vulnerabilities
Vulnerable Software
Monstra:  Security Vulnerabilities
CVE-2024-36773
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-06-07
CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.0
Published
2024-06-06
CVE-2024-36775
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-06-06
CVE-2021-40940
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-06-15
CVE-2021-36548
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.178
Published
2021-10-28
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-27
CVE-2020-23697
Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.
CVSS Score
5.4
EPSS Score
0.092
Published
2021-07-06
CVE-2020-23219
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-07-01
CVE-2020-23205
A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-01
CVE-2020-25414
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.
CVSS Score
9.8
EPSS Score
0.016
Published
2021-06-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved