CVE-2020-20691

Published: Sep 27, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

Affected (1)

Products: Monstra: Monstra Cms

Monstra

1 product

Monstra Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Monstra Monstra Cms	Version 3.0.4

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/monstra-cms/monstra/issues/461

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/monstra-cms/monstra/issues/461

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.