CVE-2024-10927

Name of the Vulnerable Software and Affected Versions MonoCMS versions up to 20240528

Description A problematic issue was found in MonoCMS, affecting an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the userid argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For MonoCMS versions up to 20240528, as a temporary workaround, consider restricting access to the /monofiles/account.php file until a patch is available. Avoid using the userid argument in the affected Account Information Page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.