# Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Scripting
# Date: 2018-08-04
# Exploit Author: Nainsi Gupta
# Vendor Homepage: http://monstra.org/
# Software Link: https://github.com/monstra-cms/monstra
# Product Name: Monstra-dev
# Version: 3.0.4
# Tested on: Windows 10 (Firefox/Chrome)
# CVE : N/A

# POC
1- Go  to the  site ( http://server.com/monstra-dev/ ) .
2- Click on  Registration page  (Registration) .
3- Register by giving you name ,mail and soo on...
4- Now log In i the website.
5- After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste "><svg/onload=alert(/Case/)>  and in Lastname paste  "><svg/onload=alert(/Test/)> 
6- After saving the above changes, click on edit profile page and you will be able to see to Pop up stating "Test" and "Case".