CVE-2024-54951

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 13, 2025

Updated: Feb 14, 2025

CWE ID 79

Summary

CVE-2024-54951 represents a Cross Site Scripting (XSS) vulnerability in Monica 4.1.2. A malicious user can exploit this issue by creating a malformed contact and using it in the "HOW YOU MET" customization options. Successful exploitation allows the attacker to inject and execute malicious scripts in the victim's browser, potentially leading to unauthorized access, information theft, or other malicious actions. Users are strongly advised to update their Monica instances as soon as a patch becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Monica

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1Ttw5M
https://www.cve.org/CVERecord?id=CVE-2024-54951
https://nvd.nist.gov/vuln/detail/CVE-2024-54951

Back to Vulnerability Database

CVE-2024-54951

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations