📦 Monica

MonicaHQ v4.1.2 contains authenticated client-side injection vulnerabilities in the title and description parameters of the reminders creation feature. This allows authenticated attackers to inject ma...

MonicaHQ 4.0.0 contains a client-side template injection (CSTI) vulnerability in the settings endpoint's first_name parameter that allows authenticated attackers to execute malicious JavaScript code. ...

Monica 4.1.2 contains a stored cross-site scripting (XSS) vulnerability in the 'HOW YOU MET' contact customization feature. An authenticated attacker can create malicious contacts that execute JavaScr...

MonicaHQ v4.1.1 contains an authenticated client-side injection vulnerability in the journal entry text field. This allows authenticated attackers to inject malicious scripts that execute in other use...