PT-2023-31568 · Monica · Monica
Ev3Rr3D · Published: 2023-12-10 · Updated: 2023-12-13 · CVE-2023-50465
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Monica (aka MonicaHQ) version 4.0.0
Description
A stored cross-site scripting (XSS) vulnerability exists in the software via an SVG document uploaded by an authenticated user.
Recommendations
For version 4.0.0, consider restricting the upload of SVG documents by authenticated users until a patch is available. As a temporary workaround, disabling the feature to upload SVG files can help minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Monica