Monica Security Vulnerabilities and Issues — Monica CVE List

Lucene search

MonicahqMonica

5 matches found

cve•added 2025/02/13 11:15 p.m.•45 views

CVE-2024-54951

Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS.

5.4CVSS6.5AI score0.0016EPSS

cve•added 2025/01/10 9:15 p.m.•41 views

CVE-2024-54998

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.

5.4CVSS7.7AI score0.00021EPSS

Web

cve•added 2025/01/10 9:15 p.m.•39 views

CVE-2024-54994

MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.

6.5CVSS7.9AI score0.00062EPSS

cve•added 2025/01/10 9:15 p.m.•37 views

CVE-2024-54996

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.

8.8CVSS7.8AI score0.00082EPSS

Web

cve•added 2025/01/10 9:15 p.m.•36 views

CVE-2024-54997

MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.

5.4CVSS7.7AI score0.00079EPSS

Web