Vulnerabilities > Monicahq

DATE CVE VULNERABILITY TITLE RISK
2023-12-11 CVE-2023-50465 Cross-site Scripting vulnerability in Monicahq Monica 0.4.0
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.
network
low complexity
monicahq CWE-79
5.4
5.4
2023-05-08 CVE-2023-1031 Unspecified vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.
network
low complexity
monicahq
8.8
8.8
2023-05-08 CVE-2023-1094 Unspecified vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.
network
low complexity
monicahq
8.8
8.8
2023-05-08 CVE-2023-30787 Cross-site Scripting vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.
network
low complexity
monicahq CWE-79
5.4
5.4
2023-05-08 CVE-2023-30788 Cross-site Scripting vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter.
network
low complexity
monicahq CWE-79
5.4
5.4
2023-05-08 CVE-2023-30789 Cross-site Scripting vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.
network
low complexity
monicahq CWE-79
5.4
5.4
2023-05-08 CVE-2023-30790 Cross-site Scripting vulnerability in Monicahq Monica 4.0.0
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter.
network
low complexity
monicahq CWE-79
5.4
5.4
2021-02-22 CVE-2021-27559 Cross-site Scripting vulnerability in Monicahq Monica 2.19.1
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
network
monicahq CWE-79
3.5
3.5
2021-02-22 CVE-2021-27371 Cross-site Scripting vulnerability in Monicahq Monica 2.19.1
The Contact page in Monica 2.19.1 allows stored XSS via the Description field.
network
monicahq CWE-79
3.5
3.5
2021-02-22 CVE-2021-27370 Cross-site Scripting vulnerability in Monicahq Monica 2.19.1
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
network
monicahq CWE-79
3.5
3.5