Description
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/monstra-cms/monstra/commit/388ab412035474068758df6b07e7e06852f3747b
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/monstra-cms/monstra/issues/427
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
42.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
monstra/monstra
< 3.0.4
Published
Feb 02, 2018
Tracked Since
Feb 18, 2026