CVSS 5.4 | AI Score 5.3 | EPSS 0.001
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
CVSS 5.4 | AI Score 5 | EPSS 0.004
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via client-side template injection (CSTI) in the settings endpoint and first_name parameter.
CVSS 8.8 | AI Score 8.6 | EPSS 0.002
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/food endpoint and food parameter.
CVSS 8.8 | AI Score 8.6 | EPSS 0.002
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/introductions endpoint and first_met_additional_info parameter.
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName parameters.
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameters.
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and first_name and last_name parameters.
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.
CVSS 5.4 | AI Score 5.1 | EPSS 0.001