Launchpad.net

CVE 2021-27559

The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.

See the CVE page on Mitre.org for more details.