CVE-2018-19599

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 1.6

Description: The issue allows for XSS via an uploaded SVG document to the "admin/index.php?id=filesmanager&path=uploads/" URI. It is noted that Monstra CMS is a discontinued product.

Recommendations: For Monstra CMS version 1.6, as a temporary workaround, consider restricting access to the "admin/index.php?id=filesmanager&path=uploads/" URI to minimize the risk of exploitation. Avoid using this version until a resolution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.