CVE-2018-11227
Published 2019-07-03
CVE-2018-11227: Monstra CMS 3.0.4 and earlier has XSS via index.php.
Priority P3 · 38 · medium · 6.1 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 4.75% (90.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| monstra | monstra_cms | < 3.0.4 | 3.0.4 |
CVSS provenance
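| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |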
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
Monstra CMS <=3.0.4 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2018-11227 [MEDIUM] Monstra CMS <=3.0.4 - Cross-Site Scripting
Monstra CMS &password=xxxxxx&login_submit=Log+In
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - ">"
      - "Monstra"
    case-insensitive: true
    condition: and

  - type: word
    part: header
    words:
      - "text/html"

  - type: status
    status:
      - 200
# digest: 4a0a00473045022039097899b29c4883a700c1e9879bf1a2ebcbbd0e96e548d9ff79d556641bc97002210097744912bf1a731aae35d9278ae25d6e770dbf1c47a1b14bd7cdef3b67b118f7:922c64590222798bb761d5b6d8e72950
```