packetstorm | Nainsi Gupta | PACKETSTORM:148836
History: Aug 06, 2018 - 12:00 a.m.

Monstra-Dev 3.0.4 Cross Site Scripting

2018-08-06 00:00:00
packetstormsecurity.com

EPSS: 0.001 (Percentile: 43.6%)

`# Exploit Title: Monstra-Dev 3.0.4 Stored Cross Site Scripting  
# Date: 04-08-2018  
# Exploit Author: Nainsi Gupta  
# Vendor Homepage: http://monstra.org/  
# Software Link: https://github.com/monstra-cms/monstra  
# Published In: https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/  
# Product Name: Monstra-dev  
# Version: 3.0.4  
# Tested on: Windows 10 (Firefox/Chrome)  
# CVE: CVE-2018-14922  
  
  
# POC  
1. Go to the site ( http://server.com/monstra-dev/ ).  
2. Click on the Registration page (Registration).  
3. Register by giving your name, mail and so on.  
4. Now log in to the website.  
5. After logging in, click on edit profile and paste these payloads into the first name and last name fields: in Firstname paste "><svg/onload=alert(/Nainsi/)> and in Lastname paste "><svg/onload=alert(/Gupta/)>  
6. After saving the above changes, click on the edit profile page and you will see pop-ups stating Gupta and Nainsi.  
`
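
The payloads in step 5 begin with `">`, which only has an effect when the stored name is written unencoded into a quoted HTML attribute. The PHP below is an added example, not Monstra's code and not part of the original advisory: it assumes the edit-profile form echoes the stored names into `<input value="...">`, and `render_field_raw`, `render_field_safe` and `is_single_input` are hypothetical names used to contrast raw output with output-time encoding.

```php
<?php
// Added illustration, not Monstra source. Assumption: the edit-profile form
// echoes the stored first/last name into an <input value="..."> attribute.

// Constructed sample: the two profile values from the PoC steps above.
$profile = [
    'firstname' => '"><svg/onload=alert(/Nainsi/)>',
    'lastname'  => '"><svg/onload=alert(/Gupta/)>',
];

// Vulnerable pattern (hypothetical helper): stored value concatenated raw.
// The leading "> closes the value attribute and the <input> tag, so the
// rest of the string is parsed as new markup.
function render_field_raw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern (hypothetical helper): encode at output time for the
// HTML attribute context. ENT_QUOTES covers both quote styles, and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_field_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Regression check: a contained field renders as exactly one tag.
function is_single_input(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

foreach ($profile as $field => $stored) {
    $raw  = render_field_raw($field, $stored);
    $safe = render_field_safe($field, $stored);
    printf("%s raw : %s  [contained: %s]\n", $field, $raw, is_single_input($raw) ? 'yes' : 'no');
    printf("%s safe: %s  [contained: %s]\n", $field, $safe, is_single_input($safe) ? 'yes' : 'no');
}
```

Encoding belongs at every place the stored name is rendered, since a stored value is replayed on each page view and not only on the form that accepted it.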
