CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-26777

Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.5%

CVSS Severity

CVSS v3 Score 6.1

References

http://packetstormsecurity.com/files/171699/Uptime-Kuma-1.19.6-Cross-Site-Scripting.html
https://github.com/louislam/uptime-kuma/issues/2186
http://packetstormsecurity.com/files/171699/Uptime-Kuma-1.19.6-Cross-Site-Scripting.html
https://github.com/louislam/uptime-kuma/issues/2186

Products affected by CVE-2023-26777

Uptime Kuma Project » Uptime Kuma » Version: N/A

cpe:2.3:a:uptime_kuma_project:uptime_kuma:-
Uptime Kuma Project » Uptime Kuma » Version: 1.19.6

cpe:2.3:a:uptime_kuma_project:uptime_kuma:1.19.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26777

Products

Pricing

Contact Us