PT-2018-10592 · Monstra · Monstra Cms
Nikhil1232
·
Published
2018-05-25
·
Updated
2018-06-26
·
CVE-2018-11473
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Monstra CMS version 3.0.4
Description
The issue concerns a security problem where an attacker can inject malicious code. The registration form is affected, specifically the
login parameter in the 'users/registration' endpoint.Recommendations
For Monstra CMS version 3.0.4, consider disabling the registration form temporarily until a fix is available to prevent potential exploitation. Restrict access to the 'users/registration' endpoint to minimize risk. Avoid using the
login parameter in this endpoint until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Monstra Cms