monica

vulnerability Cross-Site Scripting (XSS) - Stored (CWE-79)
severity 7.6
language PHP
registry other

✍️ Description

Stored XSS via contact information

🕵️‍♂️ Proof of Concept

  1. First, go to your account at https://app.monicahq.com/dashboard and add a contact. Then add Twitter-type contact information to this contact, put the payload below in the URL field, and save it. Whenever this link is clicked, the XSS executes.

Payload ---> javascript://example.com//%0aalert(document.domain)

Video PoC ---> https://drive.google.com/file/d/1DMSh0Eh-8K-7pmdYwOKw3d3KjWGXW2Pf/view?usp=sharing

💥 Impact

Stored XSS
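As an added example (not Monica's own code), the PHP check a defender would apply before rendering user-supplied contact URLs as links: it allow-lists the scheme, so the `//example.com//%0a` decoration in the reported payload is irrelevant to the decision. `safeLinkUrl` and `renderLink` are hypothetical helper names.

```php
<?php
declare(strict_types=1);
// Added example, not Monica's code: allow-list validation for URLs a web app
// renders as clickable links (e.g. a contact's Twitter/website field).

/** Hypothetical helper: return an http(s) URL fit for an href, or null. */
function safeLinkUrl(string $raw): ?string
{
    // Browsers drop leading/trailing C0 controls and spaces and ignore tab/CR/LF
    // anywhere before reading the scheme; normalise the same way so that
    // " JavaScript:" or "java\nscript:" are classified like "javascript:".
    $url = str_replace(["\t", "\r", "\n"], '', trim($raw, "\x00..\x20"));
    // Require an explicit scheme and compare it case-insensitively.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null; // relative or scheme-less input: do not guess
    }
    if (!in_array(strtolower($m[1]), ['http', 'https'], true)) {
        return null; // javascript:, data:, vbscript:, file:, ... all rejected
    }
    // Must also be a well-formed absolute URL with a host.
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    return $url;
}

/** Hypothetical helper: build the anchor tag with output encoding applied. */
function renderLink(string $raw, string $label): string
{
    $text = htmlspecialchars($label, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safe = safeLinkUrl($raw);
    if ($safe === null) {
        return $text; // fall back to plain text, never to a link
    }
    $href = htmlspecialchars($safe, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $href . '" rel="noopener noreferrer">' . $text . '</a>';
}

// Constructed sample inputs, including the payload from the report above.
$samples = [
    'https://twitter.com/monicahq',
    'javascript://example.com//%0aalert(document.domain)',
    "\tJavaScript:alert(document.domain)",
    'mailto:someone@example.com',
    'twitter.com/monicahq',
];
foreach ($samples as $s) {
    printf("%-52s => %s\n", $s, safeLinkUrl($s) ?? 'REJECTED');
}
```

Only the first sample survives; everything else is shown as plain text rather than "cleaned" into a link.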