PT-2021-17418 · Monica · Monica

Alromh87

·

Published

2021-02-22

·

Updated

2021-02-23

·

CVE-2021-27371

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Monica version 2.19.1
Description The issue allows stored XSS via the Description field on the Contact page.
Recommendations For Monica version 2.19.1, update to a version that fixes this issue to prevent stored XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-27371

Affected Products

Monica