exploitDog

CVE-2023-1031

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and first_name parameter.

Ссылки

https://fluidattacks.com/advisories/napoli
Exploit
Third Party Advisory
https://www.monicahq.com/
Product
https://fluidattacks.com/advisories/napoli
Exploit
Third Party Advisory
https://www.monicahq.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01107

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-79

Связанные уязвимости

GHSA-g5c3-6p2q-wc3j

CVSS3: 8.8

github

больше 2 лет назад

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.

EPSS

Процентиль: 78%

0.01107

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-79