CVE-2023-1031 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Monicahq	Monica	4.0.0

Related Weaknesses (CWE)

CWE-79

References

https://fluidattacks.com/advisories/napoliExploitThird Party Advisory
https://www.monicahq.com/Product
https://fluidattacks.com/advisories/napoliExploitThird Party Advisory
https://www.monicahq.com/Product

FAQ

What is CVE-2023-1031?

CVE-2023-1031 is a vulnerability with a CVSS score of 8.8 (HIGH). MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.

How severe is CVE-2023-1031?

CVE-2023-1031 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1031?

Check the references section above for vendor advisories and patch information. Affected products include: Monicahq Monica.