PT-2023-22982 · Monicahq · Monicahq

Lautaro Casanova

·

Publicado

2023-05-08

·

Atualizado

2025-02-03

·

CVE-2023-30789

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions MonicaHQ version 4.0.0
Description The issue allows an authenticated remote attacker to execute malicious code in the application via CSTI in the "people:id/work" endpoint, specifically using the job and company parameters.
Recommendations For MonicaHQ version 4.0.0, consider disabling access to the "people:id/work" endpoint until a patch is available. As a temporary workaround, restrict the use of the job and company parameters in this endpoint to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-30789

Produtos afetados

Monicahq