monstra-cms/monstra

Issues

• Remote Code Execution via Theme module

  #464 opened 5 years ago by th3lawbreaker
  1

• Add a security policy

  #472 opened 2 years ago by benharvie
  0

• Stored XSS Vulnerability(Need Authentication)

  #436 opened 3 years ago by starnightcyber
  0

• RCE (Remote Code Execution via Theme Blog Monstra version 3.0.4)

  #470 opened 3 years ago by r0ck3t1973
  0

• Monstra 3.0.4 case without filtering leads to unrestricted file upload vulnerability

  #471 opened 3 years ago by wuhuaviator
  0

• Cross Site Script Vulnerability on "Page" in Monstra version 3.0.4

  #463 opened 5 years ago by r0ck3t1973
  2

• Remote Code Execution via Snippets module in Monstra version 3.0.4

  #466 opened 5 years ago by r0ck3t1973
  1

• Monstra 3.0.4 Local File Inclusion Vulnerability

  #469 opened 4 years ago by Zbadblog
  0

• Cross Site Script Vulnerability on "Site Settings" in Monstra version 3.0.4

  #465 opened 5 years ago by r0ck3t1973
  0

• PHP command execution exists in edit blog template in monstra 3.0.4

  #468 opened 5 years ago by yanqian1993
  0

• Cross Site Scripting Vulnerability on "Files" upload file SVG in Monstra 3.0.4

  #467 opened 5 years ago by Songohan22
  0

• Bypass authentication through loose comparison (==)

  #462 opened 5 years ago by peng-hui
  0

• bypassed extension filter in uploading process different before

  #461 opened 5 years ago by yaoyao6688
  0

• Monstra 3.0.4 has Stored XSS via Uploading html file that has no extension.

  #459 opened 6 years ago by Hexife
  8

• Insecure Permissions Vulnerability

  #434 opened 7 years ago by sunu11
  3

• Monstra XSS Vulnerability @Awilum

  #438 opened 7 years ago by aberkdusunur
  1

• XSS (via SVG file upload) in Monstra-dev

  #451 opened 6 years ago by security-breachlock
  1

• XSS (Stored) in Monstra-dev

  #452 opened 6 years ago by security-breachlock
  1

• php code execution in snippets modul

  #455 opened 6 years ago by xiaohuihui1113
  1

• MONSTRA CLOSED - CHECK NEW FLEXTYPE!

  #460 opened 6 years ago by Awilum
  0

• directory traversal in in Monstra-dev

  #457 opened 6 years ago by xiaohuihui1113
  2

• Some extension can bypassed extension filter in uploading process

  #429 opened 7 years ago by Hexife
  1

• Stored XSS in Monstra CMS 3.0.4

  #458 opened 6 years ago by PrincyEdward
  0

• Insecure direct object reference

  #453 opened 6 years ago by dhananjay-bajaj
  0

• any file delete

  #456 opened 6 years ago by xiaohuihui1113
  0

• Cross site scripting in name field of new page

  #454 opened 6 years ago by dhananjay-bajaj
  0

• Monstra rebranded to Flextype!

  #448 opened 7 years ago by Awilum
  12

• MONSTRA 4 REBRANDED TO FLEXTYPE

  #431 opened 7 years ago by Awilum
  3

• Vulnerable Login Rate Limiting Bypass

  #447 opened 7 years ago by abdilahrf
  0

• Reflected XSS in Login

  #445 opened 7 years ago by nikhil1232
  0

• XSS in registration Form

  #446 opened 7 years ago by nikhil1232
  0

• Session Management Issue in Administrations Tab

  #444 opened 7 years ago by nikhil1232
  0

• Session Management in users

  #443 opened 7 years ago by nikhil1232
  0

• Found Few Bugs

  #442 opened 7 years ago by nikhil1232
  0

• 404 page have Stored XSS Vulnerability

  #437 opened 7 years ago by Waterpaste
  0

• There is a stored XSS vulnerability that can triage JavaScript code

  #435 opened 7 years ago by magicming200
  0

• a remote code execution vulnerability.

  #433 opened 7 years ago by sunu11
  2

• Click-Jacking vulnerability

  #430 opened 7 years ago by Sud0-su
  0

• Authenticated Stored Cross Site Scripting Vulnerability

  #427 opened 7 years ago by c0d3G33k
  0

• Recommended Patch for Remote Command Execution Vulnerability

  #426 opened 7 years ago by security-prince
  1

• Reporting Security Vulnerabilites

  #425 opened 7 years ago by security-prince
  1

• Contact Plugin not worked

  #423 opened 8 years ago
  1

• Custom field in pages

  #418 opened 9 years ago by sashahohloma
  1

• Check for is_string() before calling trim() on sanitizeURL()

  #421 opened 8 years ago by GundamDX
  0

• replace jquery-2.x with latest jquery-1.x to support ie8

  #420 opened 8 years ago by gsw945
  0

• Cannot use absolute https links in menu

  #419 opened 8 years ago
  0

• Sitemap connection issue

  #409 opened 9 years ago by advisionmarketing
  4

• Preview doesn't works in Page Editor

  #410 opened 9 years ago by Awilum
  1

• Upgrade info

  #417 opened 9 years ago by macron13
  1

• Use Force instead of Gelato

  #408 opened 9 years ago by Awilum
  0