NotCVE - vendor:"Monstra" product:"Monstra Cms" version:"1.6"

2 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-19599

https://notcve.org/view.php?id=CVE-2018-19599

02 Mar 2020 — Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product. Monstra CMS versión 1.6, permite un ataque de tipo XSS por medio de un documento SVG cargado en el URI admin/index.php?id=filesmanager&path=uploads/. • https://anh.im/image/lG1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 1

CVE-2018-11227

https://notcve.org/view.php?id=CVE-2018-11227

03 Jul 2019 — Monstra CMS 3.0.4 and earlier has XSS via index.php. Monstra CMS 3.0.4 y versiones anteriores tiene Cross-Site Scripting (XSS) mediante index.php. • https://github.com/monstra-cms/monstra/issues • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •