Monstra · Monstra Cms · CVE-2018-10121
Name of the Vulnerable Software and Affected Versions:
Monstra CMS version 3.0.4
Description:
Monstra CMS 3.0.4 is affected by a stored cross-site scripting (XSS) vulnerability. An attacker who holds the editor role can inject a malicious payload through the title field of the "Edit 404 page" action, which is reachable via the `admin/index.php?id=pages&action=edit page&name=error404` endpoint; because the stored title is later rendered without output encoding, the payload executes in the browsers of users who view the affected page.
Recommendations:
For Monstra CMS version 3.0.4, consider restricting access to the editor role and limiting the ability to edit page titles until a fix is available. As a temporary workaround, avoid using the `title` section in the "Edit 404 page" action to minimize the risk of exploitation.
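The root cause of a stored XSS of this kind is that editor-controlled content (here, a page title) is written into HTML without output encoding. The snippet below is an added example and not Monstra's own code: it shows a minimal PHP render path with the unsafe interpolation pattern beside the hardened form, which encodes the title with `htmlspecialchars` using `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5` and an explicit UTF-8 charset. The function names and the sample title are hypothetical.

```php
<?php
// Added example (not Monstra's code): encoding a stored page title before it
// is written into HTML. The title is assumed to come from the CMS database
// after an editor saved it through a form such as "Edit 404 page".

declare(strict_types=1);

/**
 * Encode a string for an HTML text or quoted-attribute context.
 * ENT_QUOTES encodes both ' and ", so the result is safe inside quoted
 * attributes as well as element text; ENT_SUBSTITUTE replaces invalid UTF-8
 * sequences instead of making htmlspecialchars() return an empty string.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Unsafe: the stored title is interpolated verbatim (the vulnerable pattern). */
function render_title_unsafe(string $title): string
{
    return "<title>{$title}</title>\n<h1>{$title}</h1>";
}

/** Hardened: every interpolation point is encoded for its HTML context. */
function render_title_safe(string $title): string
{
    $encoded = html_escape($title);
    return "<title>{$encoded}</title>\n<h1>{$encoded}</h1>";
}

// Constructed sample: a title containing markup characters an editor might type.
$storedTitle = 'Page not found <b>"here"</b> & more';

echo "unsafe:\n", render_title_unsafe($storedTitle), "\n\n";
echo "safe:\n", render_title_safe($storedTitle), "\n";
```

Encoding at the render point is the actual fix; restricting who holds the editor role, as the recommendation above suggests, only narrows who can reach the input. A `Content-Security-Policy` header that disallows inline scripts is useful defence in depth, but it does not replace output encoding because the stored markup would still corrupt the page.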