Enhancement: cves/2018/CVE-2018-11227.yaml by md

2023-01-30 14:24:22 -05:00 · 2023-01-30 14:24:22 -05:00 · 4ae9ee6d98
parent c65f36f9ec
commit 4ae9ee6d98
1 changed files with 5 additions and 3 deletions
--- a/cves/2018/CVE-2018-11227.yaml
+++ b/cves/2018/CVE-2018-11227.yaml
@ -1,15 +1,15 @@
 id: CVE-2018-11227

 info:
-  name: Monstra CMS V3.0.4 - Cross-Site Scripting
+  name: Monstra CMS <=3.0.4 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
-    Monstra CMS 3.0.4 and earlier has XSS via index.php.
+    Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php.  An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://github.com/monstra-cms/monstra/issues/438
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-11227
    - https://www.exploit-db.com/exploits/44646
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-11227
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
@ -47,3 +47,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by md on 2023/01/30