CVE-2024-54997

Name of the Vulnerable Software and Affected Versions MonicaHQ version 4.1.1

Description The issue is related to an authenticated Client-Side Injection vulnerability. This vulnerability can be triggered by an authenticated user through the entry text field at the "/journal/entries/ID/edit" API endpoint. The entry text field is the vulnerable parameter in this case.

Recommendations For MonicaHQ version 4.1.1, consider disabling access to the "/journal/entries/ID/edit" API endpoint until a patch is available. As a temporary workaround, restrict the use of the entry text field to minimize the risk of exploitation.