Stored Cross Site Scripting (Authenticated) via Unrestricted file upload.
Given you have installed Monica CRM, log in and create a contact. Now go to the contact's profile and click on the Photos tab.
Upload this SVG file:
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" onload="alert(1);"> <circle /> </svg>
This vulnerability is capable of...
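A server-side check for the upload described above, as an added example that is not part of the original report or of Monica's code: it parses an uploaded SVG and lists the script-capable elements and attributes it finds. The function name `svg_findings`, the element list and the benign sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or embed foreign markup inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}

def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return reasons an uploaded SVG must not be stored for inline rendering."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not UTF-8 text"]
    if "<!doctype" in text.lower():
        # Refuse DTDs before parsing: they allow entity-expansion tricks.
        return ["contains a DOCTYPE declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.startswith("on"):
                findings.append(f"<{tag}> has event handler attribute '{attr}'")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"<{tag}> has javascript: URL in '{attr}'")
    return findings

# The proof-of-concept file from the report above.
POC = (b'<svg xmlns:svg="http://www.w3.org/2000/svg" '
       b'xmlns="http://www.w3.org/2000/svg" onload="alert(1);"> <circle /> </svg>')
# Constructed benign sample for comparison.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'

if __name__ == "__main__":
    for label, blob in (("poc", POC), ("benign", BENIGN)):
        print(label, svg_findings(blob) or "no active content found")
```

A denylist scan like this flags known script vectors. Refusing SVG for photo uploads, or serving uploaded files with `Content-Disposition: attachment`, removes the inline rendering path altogether.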