Known Vulnerabilities for products from Monicahq

Listed below are 17 of the newest known vulnerabilities associated with the vendor "Monicahq".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2024-54999 json MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Infor... Not Provided 2025-01-13 2026-07-05
CVE-2024-54998 json MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /p... Not Provided 2025-01-10 2026-07-05
CVE-2024-54997 json MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /j... Not Provided 2025-01-10 2026-07-05
CVE-2024-54996 json MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and desc... Not Provided 2025-01-10 2026-07-05
CVE-2024-54994 json MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name par... Not Provided 2025-01-10 2026-07-05
CVE-2023-30790 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 5.4 - MEDIUM 2023-05-08 2023-05-12
CVE-2023-30789 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 5.4 - MEDIUM 2023-05-08 2023-05-12
CVE-2023-30788 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 5.4 - MEDIUM 2023-05-08 2023-05-12
CVE-2023-30787 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 5.4 - MEDIUM 2023-05-08 2023-05-12
CVE-2023-1094 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 8.8 - HIGH 2023-05-08 2023-05-12
CVE-2023-1031 json MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... 8.8 - HIGH 2023-05-08 2023-05-16
CVE-2021-27559 json The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. 5.4 - MEDIUM 2021-02-22 2021-02-23
CVE-2021-27371 json The Contact page in Monica 2.19.1 allows stored XSS via the Description field. 5.4 - MEDIUM 2021-02-22 2021-02-23
CVE-2021-27370 json The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. 5.4 - MEDIUM 2021-02-22 2021-04-22
CVE-2021-27369 json The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. 5.4 - MEDIUM 2021-02-22 2021-02-23
CVE-2021-27368 json The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. 5.4 - MEDIUM 2021-02-22 2021-02-23
CVE-2020-35660 json Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. 5.4 - MEDIUM 2021-04-14 2021-04-19

Known software with vulnerabilities from Monicahq

Type Vendor Product Version
ApplicationMonicahqMonica0.1.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report