monicahq / docker

docker image of Monica
https://hub.docker.com/_/monica/
GNU General Public License v2.0
203 stars 61 forks

stored XSS in "http://<APP-IP>/people/<ID>/avatar" #143

Closed d4rks1d33 closed 6 months ago

d4rks1d33 commented 10 months ago

It is possible to perform a stored XSS by uploading a malicious image.

Let me know if you need more information about this bug and how to reproduce it.

asbiin commented 6 months ago

Please send any detail to security@monicahq.com