CVE-2018-10109
MEDIUMMonstra CMS 3.0.4 - Stored Cross-Site Scripting in Blog Page Content
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-10109. PoCs published by Wenming Jiang.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Monstra CMS 3.0.4. An attacker with editor privileges can inject malicious JavaScript payloads into the content section of a new page, which executes when the page is visited.
Description
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
Exploits (1)
This exploit demonstrates a stored XSS vulnerability in Monstra CMS 3.0.4. An attacker with editor privileges can inject malicious JavaScript payloads into the content section of a new page, which executes when the page is visited.
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N