Every CVE whose affected-product data names Monicahq Monica, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-26747 — CVSS 9.1 (critical): A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServicePro…
CVE-2024-54996 — CVSS 8.8 (high): MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description…
CVE-2023-1031 — CVSS 8.8 (high): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings`…
CVE-2023-1094 — CVSS 8.8 (high): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the…
CVE-2024-54994 — CVSS 6.5 (medium): MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the…
CVE-2024-54999 — CVSS 6.5 (medium): MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
CVE-2023-30787 — CVSS 5.4 (medium): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the…
CVE-2023-30788 — CVSS 5.4 (medium): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add`…
CVE-2023-30790 — CVSS 5.4 (medium): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the…
CVE-2023-50465 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated…
CVE-2024-54951 — CVSS 5.4 (medium): Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW…
CVE-2024-54997 — CVSS 5.4 (medium): MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at…
CVE-2024-54998 — CVSS 5.4 (medium): MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at…
CVE-2023-30789 — CVSS 5.4 (medium): MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the…