Monica Security Vulnerabilities

CVE-2023-50465

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated...

CVE-2023-30790

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and first_name and last_name...

CVE-2023-30789

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company...

CVE-2023-30788

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName...

CVE-2023-30787

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/introductions endpoint and first_met_additional_info...

CVE-2023-1094

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/food endpoint and food...

CVE-2023-1031

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and first_name...

CVE-2020-35660

Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal...

CVE-2021-27369

The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name...

CVE-2021-27368

The Contact page in Monica 2.19.1 allows stored XSS via the First Name...

CVE-2021-27371

The Contact page in Monica 2.19.1 allows stored XSS via the Description...

CVE-2021-27370

The Contact page in Monica 2.19.1 allows stored XSS via the Last Name...

CVE-2021-27559

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname...