CVE-2018-18694

Published: 2018-10-29T12:29Z

Last Modified: 2024-11-21T03:56Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt