A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated...
5.4CVSS
5.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and first_name and last_name...
5.4CVSS
5.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company...
5.4CVSS
5.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName...
5.4CVSS
5.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/introductions endpoint and first_met_additional_info...
5.4CVSS
5.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/food endpoint and food...
8.8CVSS
8.7AI Score
0.001EPSS
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and first_name...
8.8CVSS
8.7AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.1AI Score
0.004EPSS
5.4CVSS
5.2AI Score
0.001EPSS