CVE-2021-27370

🗓️ 22 Feb 2021 14:38:02Reported by mitreType

cve

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 76 Views🌐 WEB

Monica 2.19.1 Contact page stored XSS via Last Name field

Reporter	Title	Published	Views	Family All 12
0day.today	Monica 2.19.1 - (last_name) Stored XSS Vulnerability	23 Feb 202100:00	–	zdt
Circl	CVE-2021-27370	22 Feb 202118:33	–	circl
CNNVD	Monica 跨站脚本漏洞	22 Feb 202100:00	–	cnnvd
CNVD	Monica Cross-Site Scripting Vulnerability (CNVD-2021-12660)	23 Feb 202100:00	–	cnvd
Check Point Advisories	Monicahq Monica Stored Cross-Site Scripting (CVE-2021-27370)	16 Mar 202100:00	–	checkpoint_advisories
Cvelist	CVE-2021-27370	22 Feb 202114:38	–	cvelist
Exploit DB	Monica 2.19.1 - 'last_name' Stored XSS	23 Feb 202100:00	–	exploitdb
EUVD	EUVD-2021-14128	7 Oct 202500:30	–	euvd
NVD	CVE-2021-27370	22 Feb 202115:15	–	nvd
Packet Storm	Monica 2.19.1 Cross Site Scripting	23 Feb 202100:00	–	packetstorm

NVD

Node

monicahq monicaMatch2.19.1

Source	Link
huntr	www.huntr.dev/bounties/2-other-monica/
github	www.github.com/monicahq/monica/pull/4543
github	www.github.com/monicahq/monica/issues/4888
packetstormsecurity	www.packetstormsecurity.com/files/161501/Monica-2.19.1-Cross-Site-Scripting.html

Parameter	Position	Path	Description	CWE
last_name	request body	/people	Stored XSS via last_name field in Monica 2.19.1 through POST /people	CWE-79

21 Nov 2024 05:57Current

5Medium risk

Vulners AI Score5

CVSS 23.5

CVSS 3.15.4

EPSS0.00297

cve-2021-27370 monica 2.19.1 contact page stored xss last name field nvd