Monicahq: community verdicts
5 notable / known-exploited Monicahq CVEs the community has triaged.
- CVE-2024-54996HIGH 8.8Real · low riskEPSS 1%
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
- CVE-2024-54999MED 6.5EPSS 0%
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
- CVE-2024-54998MED 5.4EPSS 0%
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
- CVE-2024-54994MED 6.5EPSS 0%
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
- CVE-2024-54997MED 5.4EPSS 0%
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.