PT-2018-9693 · Monstra · Monstra Cms
Waterpasteo
·
Published
2018-04-15
·
Updated
2018-05-16
·
CVE-2018-10121
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Monstra CMS version 3.0.4
Description:
The issue is a stored XSS vulnerability. An attacker with access to the editor role can exploit it by entering a malicious payload in the title field of the "Edit 404 page" action, which is reached through the admin/index.php?id=pages&action=edit page&name=error404 endpoint.
Recommendations:
For Monstra CMS version 3.0.4, consider restricting access to the editor role and limiting the ability to edit page titles until a fix is available. As a temporary workaround, avoid using the title field in the "Edit 404 page" action to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Monstra Cms