6 matches found
Monicahq Monica Stored Cross-Site Scripting (CVE-2021-27370)
A cross-site scripting vulnerability exists in Monicahq Monica. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Monica 2.19.1 Cross Site Scripting
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...
Monica 2.19.1 - 'last_name' Stored XSS
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...
CVE-2021-27370
creationtimestamp| type| source ---|---|--- 2021-02-22 18:33:37+00:00| seen| https://t.me/cibsecurity/23936 2021-05-30 02:48:48+00:00| seen| https://t.me/pwnwikizhchannel/536 2024-11-14 06:08:14+00:00| seen| MISP/c2c04838-d6e1-4b00-9559-c10d30b55ebf...
CVE-2021-27370
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field...
CVE-2021-27370
CVE-2021-27370 describes a stored XSS vulnerability in Monica 2.19.1, exploitable via the Last Name field on the Contacts page. The CVE is supported by multiple sources (NVD/NVD metrics show CVSSv3.1 base score 5.4 MEDIUM and CVSSv2 base score 3.5 LOW), with public details including exploit examp...