daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2020/CVE-2020-23697.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-01 11:32:32 -05:00
parent 510a8ea5d4
commit 7c9e955e98
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2020/CVE-2020-23697.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2020-23697
info:
name: Monstra CMS V3.0.4 - Cross-Site Scripting
name: Monstra CMS 3.0.4 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the 'page' feature in admin/index.php.
Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/monstra-cms/monstra/issues/463
- https://nvd.nist.gov/vuln/detail/CVE-2020-23697
@ -63,3 +63,5 @@ requests:
regex:
- 'id="csrf" name="csrf" value="(.*)">'
internal: true
# Enhanced by md on 2023/02/01