CVE-2021-27370

MEDIUM

Monica 2.19.1 - XSS

Title source: llm

The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.

exploitdb WORKING POC

by BouSalman · textwebappsmultiple

CVSS v3 5.4

EPSS 0.0030

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (1)

monicahq/monica 2.19.1

Published Feb 22, 2021

Tracked Since Feb 18, 2026