
CVE-2018-17024
https://notcve.org/view.php?id=CVE-2018-17024
13 Sep 2018 — admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. • https://github.com/monstra-cms/monstra/issues/452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-17026
https://notcve.org/view.php?id=CVE-2018-17026
13 Sep 2018 — admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. • https://github.com/bg5sbk/MiniCMS/issues/25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16977
https://notcve.org/view.php?id=CVE-2018-16977
12 Sep 2018 — Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. • https://github.com/howchen/howchen/issues/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-16979
https://notcve.org/view.php?id=CVE-2018-16979
12 Sep 2018 — Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. • https://github.com/howchen/howchen/issues/4 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVE-2018-16978
https://notcve.org/view.php?id=CVE-2018-16978
12 Sep 2018 — Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. • https://github.com/howchen/howchen/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15886
https://notcve.org/view.php?id=CVE-2018-15886
10 Sep 2018 — Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a

CVE-2018-16608
https://notcve.org/view.php?id=CVE-2018-16608
10 Sep 2018 — In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) in admin/index.php?id=users&action=edit&user_id=1. • https://github.com/monstra-cms/monstra/issues/453 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2018-14922 – Monstra-Dev 3.0.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14922
06 Aug 2018 — Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. Monstra-Dev version 3.0.4 suffers from a persistent cross site scripting vul... • https://packetstorm.news/files/id/148836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-11678
https://notcve.org/view.php?id=CVE-2018-11678
05 Jun 2018 — plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. • http://abdilahrf.github.io/login-rate-limiting-bypass • CWE-20: Improper Input Validation

CVE-2018-11473
https://notcve.org/view.php?id=CVE-2018-11473
25 May 2018 — Monstra CMS 3.0.4 has XSS in the registration form (i.e., the login parameter to users/registration). • https://github.com/monstra-cms/monstra/issues/446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')