Lucene search
HistoryApr 04, 2023 - 3:15 p.m.
CVE-2023-26777
cve-2023-26777
cross site scripting
remote attacker
arbitrary commands
status_page.js endpoint
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
60.4%
Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.
Affected configurations
Node
uptime_kuma_projectuptime_kumaRange≤1.19.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| uptime_kuma_project | uptime_kuma | * | cpe:2.3:a:uptime_kuma_project:uptime_kuma:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-26777
2023-04-04 15:15:09
cvelist
cvelist
CVE-2023-26777
2023-04-04 00:00:00
prion
prion
Cross site scripting
2023-04-04 15:15:00
packetstorm
packetstorm
Uptime Kuma 1.19.6 Cross Site Scripting
2023-04-05 00:00:00
osv
osv
CVE-2023-26777
2023-04-04 15:15:09
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
60.4%
Related for NVD:CVE-2023-26777