Vulnerabilities > Monicahq

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-11	CVE-2023-50465	Cross-site Scripting vulnerability in Monicahq Monica 0.4.0 A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. network low complexity monicahq CWE-79	5.4
2023-05-08	CVE-2023-1031	Unspecified vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. network low complexity monicahq	8.8
2023-05-08	CVE-2023-1094	Unspecified vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. network low complexity monicahq	8.8
2023-05-08	CVE-2023-30787	Cross-site Scripting vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. network low complexity monicahq CWE-79	5.4
2023-05-08	CVE-2023-30788	Cross-site Scripting vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. network low complexity monicahq CWE-79	5.4
2023-05-08	CVE-2023-30789	Cross-site Scripting vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. network low complexity monicahq CWE-79	5.4
2023-05-08	CVE-2023-30790	Cross-site Scripting vulnerability in Monicahq Monica 4.0.0 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. network low complexity monicahq CWE-79	5.4
2021-04-14	CVE-2020-35660	Cross-site Scripting vulnerability in Monicahq Monica Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. network low complexity monicahq CWE-79	5.4
2021-02-22	CVE-2021-27559	Cross-site Scripting vulnerability in Monicahq Monica 2.19.1 The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. network low complexity monicahq CWE-79	5.4
2021-02-22	CVE-2021-27371	Cross-site Scripting vulnerability in Monicahq Monica 2.19.1 The Contact page in Monica 2.19.1 allows stored XSS via the Description field. network low complexity monicahq CWE-79	5.4

Vulnerabilities > Monicahq {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Monicahq"}]}

Vulnerabilities > Monicahq