8 matches found
CVE-2026-26747
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where "app.forceurl" is not set and defaults to "false". The application generates absolute URLs suc...
PT-2026-21270
Name of the Vulnerable Software and Affected Versions: Monica version 4.1.2. Description: A Host Header Poisoning issue exists due to improper handling of the HTTP Host header in the file app/Providers/AppServiceProvider.php. This is combined with a default misconfiguration where app.force url is no...
CVE-2021-27370
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field...
CVE-2020-35660
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page...
CVE-2024-54951
Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS...
Regis Freyd Monica Cross-Site Scripting Vulnerability
Regis Freyd Monica is an application by Regis Freyd, an individual developer in the United States. It lets you organize and record your interactions with your loved ones. A cross-site scripting vulnerability exists in Regis Freyd Monica versions prior to 2.19.1, which can be exploited by an attack...
Monica Cross-Site Scripting Vulnerability (CNVD-2021-12659)
Monica is an open source personal relationship management system. A stored cross-site scripting vulnerability exists in the Contacts page in Monica 2.19.1. The vulnerability can be exploited to conduct cross-site scripting attacks via the Middle Name field...
Monica Cross-Site Scripting Vulnerability
Monica is an open source personal relationship management system. A stored cross-site scripting vulnerability exists in the Contacts page in Monica 2.19.1. The vulnerability can be exploited to conduct a cross-site scripting attack via the Nickname field...