VYPR

CMS

by Monstra

CVEs (2)

  • CVE-2018-16978MedSep 12, 2018
    risk 0.40cvss 6.1epss 0.01

    Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.

  • CVE-2024-36775MedJun 6, 2024
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.