Lucene search

GoogleOSV:CVE-2023-26777

HistoryApr 04, 2023 - 3:15 p.m.

CVE-2023-26777

2023-04-0415:15:09

Google

osv.dev

cve-2023-26777

remote attacker

arbitrary commands

status page

software

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.

References

packetstormsecurity.com/files/171699/Uptime-Kuma-1.19.6-Cross-Site-Scripting.html

github.com/louislam/uptime-kuma/issues/2186

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Related for OSV:CVE-2023-26777