Monstra 3.0.4 - Cross-Site Scripting

EDB-ID: 45156
Author: Nainsi Gupta
Published: 2018-08-06
CVE: CVE-2018-14922
Type: Webapps
Platform: PHP
Vulnerable App: N/A

# Date: 04-08-2018
# Exploit Author: Nainsi Gupta
# Vendor Homepage:
# Software Link:
# Published In-
# Product Name: Monstra-dev
# Version: 3.0.4
# Tested on: Windows 10 (Firefox/Chrome)
# CVE : CVE-2018-14922

1. Go to the site ( ).
2. Click on the Registration page (Registration).
3. Register by giving your name, mail and so on.
4. Now log in to the website.
5. After logging in, click on edit profile and paste these payloads into the first name and last name fields: in first name paste "><svg/onload=alert(/Nainsi/)> and in last name paste "><svg/onload=alert(/Gupta/)>
6. After saving the above changes, click on the edit profile page again and you will see pop-ups stating Gupta and Nainsi.
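
The fix for this class of bug, as an added example that is not Monstra's code: encode the stored profile values for the HTML attribute context at output time, and reject markup characters when the name is saved. It assumes PHP 7.4+ and that the edit profile form re-renders the stored value inside an input's value attribute (inferred from the `">` prefix of the payloads); the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not Monstra functions.

/** Unsafe: interpolates the stored value into an attribute with no encoding. */
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

/** Safe: encodes for the HTML attribute context when the page is rendered. */
function render_field_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

/** Defence in depth: allowlist check to run before a name is stored. */
function is_valid_name(string $value): bool
{
    // Letters, combining marks, spaces, apostrophes, dots and hyphens; 1 to 64 characters.
    return preg_match('/^[\p{L}\p{M} \'.\-]{1,64}\z/u', $value) === 1;
}

// The two values from the steps above, plus a constructed legitimate name.
$samples = [
    'firstname' => '"><svg/onload=alert(/Nainsi/)>',
    'lastname'  => '"><svg/onload=alert(/Gupta/)>',
    'nickname'  => "Zoë O'Neil-Smith",
];

foreach ($samples as $field => $stored) {
    printf("%s valid=%s\n", $field, is_valid_name($stored) ? 'yes' : 'no');
    printf("  unsafe: %s\n", render_field_unsafe($field, $stored));
    printf("  safe:   %s\n", render_field_safe($field, $stored));
}
```

Output encoding is the control that closes the hole; the allowlist only reduces what reaches storage, since values written before the check existed, or by another code path, are still rendered.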
