CVE-2018-10118

MEDIUM

Monstra CMS 3.0.4 - XSS

Title source: llm

Description

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.

Exploits (2)

exploitdb WORKING POC

by DEEPIN2 · pythonwebappsphp

https://www.exploit-db.com/exploits/44855

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by GeunSam2 · poc

https://github.com/GeunSam2/CVE-2018-10118

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/monstra-cms/monstra/issues/436

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44855/

Scores

CVSS v3 4.8

EPSS 0.0039

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

monstra/monstra 3.0.4

Published Apr 16, 2018

Tracked Since Feb 18, 2026