Monica · Monica · CVE-2024-54951
**Name of the Vulnerable Software and Affected Versions**
Monica version 4.1.2
**Description**
The issue allows a malicious user to create a malformed contact and use it in the "HOW YOU MET" customization options to trigger Cross-Site Scripting (XSS).
**Recommendations**
For Monica version 4.1.2, as a temporary workaround, consider restricting the use of the "HOW YOU MET" customization options until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.