Princyedwardo

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns an XSS exploit via the `page meta title` parameter in the `add page` action. This is related to the `admin/index.php` file in Monstra CMS. **Recommendations** For Monstra CMS version 3.0.4, avoid using the `page meta title` parameter in the `add page` action until a fix is available. As a temporary workaround, consider restricting access to the `admin/index.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns an XSS vulnerability. It can be exploited via the `page meta title` parameter in an "edit page&name=error404" action on the "admin/index.php" page. **Recommendations** For Monstra CMS version 3.0.4, avoid using the `page meta title` parameter in the "edit page&name=error404" action on the "admin/index.php" page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10 **Description** An issue was discovered in MiniCMS. There is an XSS vulnerability in the 'mc-admin/post.php' endpoint for requests with a 'state' parameter set to 'delete', 'draft', or 'publish'. **Recommendations** For MiniCMS version 1.10, update to a version that fixes the XSS vulnerability in the 'mc-admin/post.php' endpoint. As a temporary workaround, consider restricting access to the 'mc-admin/post.php' endpoint to minimize the risk of exploitation. Avoid using the 'tag' parameter in the 'mc-admin/post.php' endpoint until the issue is resolved.