14 matches found
EUVD-2024-52723
Malicious code in bioql PyPI...
EUVD-2023-35151
Malicious code in bioql PyPI...
CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit...
CVE-2023-30788
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName parameter...
CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...
CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...
CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...
PT-2025-3088
Name of the Vulnerable Software and Affected Versions MonicaHQ version 4.1.2 Description The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...
CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit...
CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:id/debts/create...
CVE-2024-54998
MonicaHQ v4.1.2 is affected by an authenticated Client-Side Injection vulnerability via the Reason parameter at the endpoint /people/h:[id]/debts/create. The issue is documented across multiple sources; the root cause is the insecure handling of the Reason parameter in this authenticated API path...
PT-2023-16703 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.0.0 Description: The issue allows an authenticated remote attacker to execute malicious code in the application via CSTI in the "settings" endpoint and first name parameter. Recommendations: For MonicaHQ version 4.0.0,...
CVE-2023-30789
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameter...
CVE-2023-1031
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...