Known Vulnerabilities for products from Monicahq
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Monicahq".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-54999 json | MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Infor... | Not Provided | 2025-01-13 | 2026-07-05 |
| CVE-2024-54998 json | MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /p... | Not Provided | 2025-01-10 | 2026-07-05 |
| CVE-2024-54997 json | MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /j... | Not Provided | 2025-01-10 | 2026-07-05 |
| CVE-2024-54996 json | MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and desc... | Not Provided | 2025-01-10 | 2026-07-05 |
| CVE-2024-54994 json | MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name par... | Not Provided | 2025-01-10 | 2026-07-05 |
| CVE-2023-30790 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 5.4 - MEDIUM | 2023-05-08 | 2023-05-12 |
| CVE-2023-30789 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 5.4 - MEDIUM | 2023-05-08 | 2023-05-12 |
| CVE-2023-30788 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 5.4 - MEDIUM | 2023-05-08 | 2023-05-12 |
| CVE-2023-30787 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 5.4 - MEDIUM | 2023-05-08 | 2023-05-12 |
| CVE-2023-1094 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 8.8 - HIGH | 2023-05-08 | 2023-05-12 |
| CVE-2023-1031 json | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `... | 8.8 - HIGH | 2023-05-08 | 2023-05-16 |
| CVE-2021-27559 json | The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | 5.4 - MEDIUM | 2021-02-22 | 2021-02-23 |
| CVE-2021-27371 json | The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | 5.4 - MEDIUM | 2021-02-22 | 2021-02-23 |
| CVE-2021-27370 json | The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | 5.4 - MEDIUM | 2021-02-22 | 2021-04-22 |
| CVE-2021-27369 json | The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | 5.4 - MEDIUM | 2021-02-22 | 2021-02-23 |
| CVE-2021-27368 json | The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | 5.4 - MEDIUM | 2021-02-22 | 2021-02-23 |
| CVE-2020-35660 json | Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. | 5.4 - MEDIUM | 2021-04-14 | 2021-04-19 |
Known software with vulnerabilities from Monicahq
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Monicahq | Monica | 0.1.0 |