For every bounty won throughout May 2021, huntr will donate half towards Indian COVID relief.
Stored Cross Site Scripting (Authenticated) via Unvalidated Input
Monica CRM allows users to personalize the contact field types from the personalization page in Settings, but it does not validate the protocol the user adds, which can allow an attacker to use the
Given you have installed Monica CRM, log in and visit the /settings/personalization page to add the protocol.
Create a new field type, name it whatever you want and in the protocol, type
Now save it, and on the profile page of a contact, click "Add" in the Contact information box.
Stored Cross Site Scripting
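The root cause described above is that the "protocol" of a custom contact field type is stored and later placed into a link without being checked. The following is an added example written for this page, not Monica's own code (Monica is a PHP/Laravel application; Python is used here only to show the check itself). It puts the unvalidated behaviour beside a hardened version that accepts only an allowlisted set of schemes, canonicalises the stored value, and HTML-escapes the rendered attribute. The allowlist and the field names are assumptions, not the project's real configuration.

```python
import html
import re

# Allowlist of URL schemes a contact-field "protocol" may use, mapped to the
# canonical prefix that is stored and rendered. Constructed for this example;
# the set a real deployment needs is an assumption.
ALLOWED_PROTOCOLS = {
    "http": "http://",
    "https": "https://",
    "mailto": "mailto:",
    "tel": "tel:",
    "sms": "sms:",
    "xmpp": "xmpp:",
}

# A scheme per RFC 3986: one letter followed by letters, digits, "+", "-", ".".
# Anything else (spaces, control characters, NUL bytes, encoded text) fails.
_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*$")


def normalize_protocol(raw: str) -> str:
    """Lower-case the user input and drop a trailing ':' or '://' so that
    'HTTPS://', 'https:' and 'https' all canonicalise to 'https'."""
    value = raw.strip().lower()
    for suffix in ("://", ":"):
        if value.endswith(suffix):
            value = value[: -len(suffix)]
            break
    return value


def validate_protocol(raw: str) -> str:
    """Return the canonical prefix for an allowlisted scheme, or raise
    ValueError. This is the check the report says is missing on the
    personalization page."""
    scheme = normalize_protocol(raw)
    if not _SCHEME_RE.fullmatch(scheme):
        raise ValueError(f"malformed protocol: {raw!r}")
    if scheme not in ALLOWED_PROTOCOLS:
        raise ValueError(f"protocol not allowed: {scheme!r}")
    return ALLOWED_PROTOCOLS[scheme]


def render_link_unvalidated(protocol: str, value: str) -> str:
    """Weak version: whatever protocol was saved in settings is concatenated
    straight into href, which is the behaviour the report describes."""
    return f'<a href="{protocol}{value}">{value}</a>'


def render_link_hardened(protocol: str, value: str) -> str:
    """Hardened version: validate the scheme at save time (or again at render
    time, as here) and escape the attribute and text content."""
    prefix = validate_protocol(protocol)
    href = prefix + value
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(value)}</a>'


def is_protocol_allowed(raw: str) -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        validate_protocol(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values illustrating the check.
    for candidate in ["https://", " Mailto: ", "tel", "ht tp", "data:"]:
        print(f"{candidate!r:14} allowed={is_protocol_allowed(candidate)}")
    print(render_link_hardened("HTTPS://", "example.com/?a=1&b=2"))
```

The important design point is that the check runs on the value the administrator saves in settings, not only on the per-contact value entered later: the report's issue is that the field type itself carries the dangerous part, so validating the contact value alone would not help. An allowlist of schemes is also preferable to a denylist, since scheme names can be varied in case, whitespace and encoding, all of which the regex plus canonicalisation above rejects.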