MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2023-05-08T00:00:00

Updated: 2024-08-02T14:37:15.515Z

Reserved: 2023-04-17T00:00:00

Link: CVE-2023-30790

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-05-08T20:15:20.207

Modified: 2023-05-12T19:57:12.793

Link: CVE-2023-30790

cve-icon Redhat

No data.