CVE-2024-36775

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. This could potentially affect a significant number of devices worldwide, although the exact number is not specified.

Recommendations For Monstra CMS version 3.0.4, consider disabling the Edit Profile page or restricting access to the About Me parameter until a patch is available. As a temporary workaround, avoid using the About Me parameter in the Edit Profile page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.