plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/monstra-cms/monstra/issues/437 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-15T17:00:00Z
Updated: 2024-09-17T03:13:40.506Z
Reserved: 2018-04-15T00:00:00Z
Link: CVE-2018-10121
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-04-16T09:58:10.633
Modified: 2018-05-16T15:20:25.827
Link: CVE-2018-10121
Redhat
No data.