monicahq CVE Vulnerabilities & Metrics

Focus on monicahq vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About monicahq Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with monicahq. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total monicahq CVEs: 13
Earliest CVE date: 22 Feb 2021, 15:15 UTC
Latest CVE date: 11 Dec 2023, 01:15 UTC

Latest CVE reference: CVE-2023-50465

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

CVSS Stats

Average CVSS: 1.62

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 13
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

Top 5 Highest CVSS monicahq CVEs

These are the five CVEs with the highest CVSS scores for monicahq, sorted first by severity and then by recency.

All CVEs for monicahq

CVE-2023-50465 monicahq vulnerability CVSS: 0 11 Dec 2023, 01:15 UTC

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

CVE-2023-30790 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via client-side template injection (CSTI) in the `people:id/relationships` endpoint and the first_name and last_name parameters.

CVE-2023-30789 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and the job and company parameters.

CVE-2023-30788 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and the nickName, description, lastName, middleName and firstName parameters.

CVE-2023-30787 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.

CVE-2023-1094 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.

CVE-2023-1031 monicahq vulnerability CVSS: 0 08 May 2023, 20:15 UTC

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.

CVE-2020-35660 monicahq vulnerability CVSS: 3.5 14 Apr 2021, 18:15 UTC

Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.

CVE-2021-27559 monicahq vulnerability CVSS: 3.5 22 Feb 2021, 15:15 UTC

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.

CVE-2021-27371 monicahq vulnerability CVSS: 3.5 22 Feb 2021, 15:15 UTC

The Contact page in Monica 2.19.1 allows stored XSS via the Description field.

CVE-2021-27370 monicahq vulnerability CVSS: 3.5 22 Feb 2021, 15:15 UTC

The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.

CVE-2021-27369 monicahq vulnerability CVSS: 3.5 22 Feb 2021, 15:15 UTC

The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.

CVE-2021-27368 monicahq vulnerability CVSS: 3.5 22 Feb 2021, 15:15 UTC

The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.