Nicolas Gula - Security Researcher - Exploit Intelligence Platform

CVE-2024-54994 WRITEUP MEDIUM WORKING POC

Monica - XSS

MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.

CVSS 6.5

View Code

CVE-2024-54996 WRITEUP HIGH WORKING POC

Monica - Code Injection

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.

CVSS 8.8

View Code

CVE-2024-54997 WRITEUP MEDIUM WORKING POC

Monica - Code Injection

MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.

CVSS 5.4

View Code

CVE-2024-54998 WRITEUP MEDIUM WORKING POC

Monica - XSS

MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.

CVSS 5.4

View Code

CVE-2024-54999 WRITEUP MEDIUM WORKING POC

Monica - Code Injection

MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.

CVSS 6.5

View Code