Lucene search
Veracode Vulnerability DatabaseVERACODE:44458HistoryNov 29, 2023 - 6:35 a.m.
Cross Site Scripting (XSS)
2023-11-2906:35:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
xss
vulnerability
javascript
session hijacking
improper validation
google analytics
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
17.0%
uptime-kuma is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation of google analytics tagID. An attacker can inject malicious javascript and perform session hijacking.
Related
cve
cve
CVE-2023-49276
2023-12-01 22:15:10
prion
prion
Cross site scripting
2023-12-01 22:15:00
cvelist
cvelist
osv
osv
CVE-2023-49276
2023-12-01 22:15:10
Attribute Injection leading to XSS(Cross-Site-Scripting)
2023-11-24 16:54:20
nvd
nvd
CVE-2023-49276
2023-12-01 22:15:10
github
github
Attribute Injection leading to XSS(Cross-Site-Scripting)
2023-11-24 16:54:20
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for VERACODE:44458