PT-2018-13810 · Monstra · Monstra Cms
Howchen · Published 2018-09-12 · Updated 2018-10-31 · CVE-2018-16978
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Monstra CMS version 3.0.4
Description
The issue occurs when an individual attempts to register an account with a crafted password parameter to the "users/registration" endpoint. This is a distinct issue from previously identified vulnerabilities.
Recommendations
For Monstra CMS version 3.0.4, consider restricting access to the "users/registration" endpoint until a fix is available, and avoid using crafted password parameters to prevent potential exploitation.
Exploit
Fix
XSS
Affected Products
Monstra Cms