PT-2023-31568 · Monica · Monica
Ev3Rr3D · Published 2023-12-10 · Updated 2023-12-13 · CVE-2023-50465
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Monica (aka MonicaHQ) version 4.0.0
Description
A stored cross-site scripting (XSS) vulnerability exists in the software via an SVG document uploaded by an authenticated user.
Recommendations
For version 4.0.0, consider restricting the upload of SVG documents by authenticated users until a patch is available. As a temporary workaround, disabling SVG file uploads can help minimize the risk of exploitation.
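One way to apply the restriction above is to gate uploads on content as well as on file name, since a renamed or gzip-compressed SVG carries no .svg extension. This is an added example, not Monica's code or its fix; the function names, the sample inputs and the single upload hook they imply are assumptions.

```python
import gzip
import re
import zlib

SVG_EXTENSIONS = (".svg", ".svgz")
SNIFF_BYTES = 65536  # how much of the (decompressed) upload to inspect

# Items allowed before the root element: XML declaration/PIs, comments, DOCTYPE.
_PROLOG = re.compile(r"\s*(?:<\?.*?\?>|<!--.*?-->|<!DOCTYPE[^>\[]*(?:\[.*?\])?\s*>)", re.S | re.I)
_ROOT = re.compile(r"\s*<(?:[A-Za-z_][\w.-]*:)?([A-Za-z_][\w.-]*)")

def _head_text(data):
    head = data[:SNIFF_BYTES]
    if head[:2] == b"\x1f\x8b":  # gzip magic: .svgz is gzip-compressed SVG
        try:
            head = zlib.decompressobj(31).decompress(data, SNIFF_BYTES)
        except zlib.error:
            return ""
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte order mark
        return head.decode("utf-16", errors="replace")
    # BOM-less UTF-16 shows up as interleaved NULs; drop them before matching.
    return head.decode("utf-8-sig", errors="replace").replace("\x00", "")

def looks_like_svg(data):
    """True if the document's root element is <svg> (with or without a prefix)."""
    text, pos = _head_text(data), 0
    while (m := _PROLOG.match(text, pos)):
        pos = m.end()
    if text[pos:].lstrip().startswith(("<!", "<?")):
        return True  # unterminated prolog item: root not visible, fail closed
    root = _ROOT.match(text, pos)
    return bool(root) and root.group(1).lower() == "svg"

def upload_allowed(filename, declared_mime, data):
    """Reject anything that is named, declared, or sniffs as SVG."""
    if filename.lower().endswith(SVG_EXTENSIONS):
        return False
    if declared_mime.split(";")[0].strip().lower() == "image/svg+xml":
        return False
    return not looks_like_svg(data)

# Constructed sample inputs (harmless markup, not taken from the advisory).
SVG = b'<?xml version="1.0"?>\n<!-- c -->\n<svg xmlns="http://www.w3.org/2000/svg"/>'
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SVGZ = gzip.compress(SVG)

if __name__ == "__main__":
    for body in (PNG, SVG, SVGZ):  # all three named and declared as PNG
        print(upload_allowed("avatar.png", "image/png", body))
```

The check only decides whether a file is SVG; serving stored uploads with the `X-Content-Type-Options: nosniff` header and a non-SVG content type covers files that were uploaded before the restriction was in place.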
Affected Products
Monica