Nikhil1232

**Name of the Vulnerable Software and Affected Versions** Cockpit version 0.5.5 **Description** The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via a collection, form, or region. **Recommendations** For Cockpit version 0.5.5, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns a Reflected XSS that occurs during the login process, specifically involving the login parameter to the admin/index.php endpoint. **Recommendations** For Monstra CMS version 3.0.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns a security problem where an attacker can inject malicious code. The registration form is affected, specifically the `login` parameter in the 'users/registration' endpoint. **Recommendations** For Monstra CMS version 3.0.4, consider disabling the registration form temporarily until a fix is available to prevent potential exploitation. Restrict access to the 'users/registration' endpoint to minimize risk. Avoid using the `login` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns a session management problem in the Administrations Tab of Monstra CMS. Specifically, changing a password at the "admin/index.php?id=users&action=edit&user id=1" endpoint does not invalidate an open session in a different browser. **Recommendations** For Monstra CMS version 3.0.4, as a temporary workaround, consider restricting access to the "admin/index.php?id=users&action=edit&user id=1" endpoint until a proper fix is available, and avoid using the `user id` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns a session management problem in the Users tab. Specifically, changing a password at the "users/1/edit" endpoint does not invalidate an open session in a different browser. **Recommendations** For Monstra CMS version 3.0.4, as a temporary workaround, consider implementing a mechanism to invalidate all active sessions when a user's password is changed. Restrict access to the "users/1/edit" endpoint until a proper fix is applied to ensure session invalidation upon password change.