Alromh87

**Name of the Vulnerable Software and Affected Versions** Starcounter-Jack JSON-Patch versions up to 3.1.0 **Description** A vulnerability has been found in Starcounter-Jack JSON-Patch, classified as problematic. This issue affects unknown code and leads to improperly controlled modification of object prototype attributes, known as 'prototype pollution'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.1 can address this issue. **Recommendations** For Starcounter-Jack JSON-Patch versions up to 3.1.0, upgrade to version 3.1.1 to address the issue. As a temporary workaround, consider restricting access to the affected component until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Monica version 2.19.1 **Description** The issue concerns a stored XSS vulnerability in the Contact page, specifically via the `First Name` field. This allows for malicious script execution when a user inputs tainted data into this field. **Recommendations** For Monica version 2.19.1, update to a version that fixes this issue to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monica version 2.19.1 **Description** The issue concerns a stored XSS vulnerability in the Contact page, specifically via the `Middle Name` field. This allows for malicious scripts to be stored and executed when the page is accessed. **Recommendations** For Monica version 2.19.1, as a temporary workaround, consider restricting input to the `Middle Name` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monica version 2.19.1 **Description** The issue allows stored XSS via the `Description` field on the Contact page. **Recommendations** For Monica version 2.19.1, update to a version that fixes this issue to prevent stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Monica version 2.19.1 **Description** The issue concerns a stored XSS vulnerability in the Contact page, specifically via the `Nickname` field. This allows for malicious scripts to be stored and executed when the page is accessed. **Recommendations** For Monica version 2.19.1, update to a version that fixes this issue to prevent stored XSS attacks via the `Nickname` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monica version 2.19.1 **Description** The issue concerns a stored XSS vulnerability in the Contact page, specifically via the `Last Name` field. This allows for malicious scripts to be stored and executed when the page is accessed. **Recommendations** For Monica version 2.19.1, update to a version that fixes this issue, as the current version allows stored XSS attacks through the `Last Name` field in the Contact page. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** object-path versions <= 0.11.4 **Description** A prototype pollution vulnerability has been found in the `set()` method of the `object-path` library. The vulnerability is limited to the `includeInheritedProps` mode, which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5. **Recommendations** For versions <= 0.11.4, upgrade to version 0.11.5 to fix the issue. As a temporary workaround, do not use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.