Nicolas Gula - Security Researcher - Exploit Intelligence Platform

CVE-2024-54994 WRITEUP MEDIUM WORKING POC

MonicaHQ v4.1.2 - Stored Cross-Site Scripting via First Name and Last Name Parameters

MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.

CVSS 6.5

View Code

CVE-2024-54996 WRITEUP HIGH WORKING POC

MonicaHQ 4.1.2 - Authenticated Client-Side Injection via Reminder Title and Description Parameters

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.

CVSS 8.8

View Code

CVE-2024-54997 WRITEUP MEDIUM WORKING POC

MonicaHQ v4.1.1 - Authenticated Client-Side Injection via Journal Entry Text Field

MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.

CVSS 5.4

View Code

CVE-2024-54998 WRITEUP MEDIUM WORKING POC

MonicaHQ v4.1.2 - Authenticated Client-Side Injection via Debts Creation Reason Parameter

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.

CVSS 5.4

View Code

CVE-2024-54999 WRITEUP MEDIUM WORKING POC

MonicaHQ 4.1.2 - Client-Side Injection via Last Name Parameter

MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.

CVSS 6.5

View Code