CVE-2023-25810: Persistent XSS through description in status page

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0, the Uptime Kuma status page is vulnerable to persistent (stored) XSS through the status page description field. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Category: CVE
Tags: #xss #vulnerability

Package

No package listed

Affected versions

<= 1.19.6

Description

Summary

The Uptime Kuma status page allows persistent XSS through its description field.

PoC

  1. Run Uptime Kuma version 1.19.2.
  2. Create a new status page.
  3. Edit the status page and enter the following payload into "description": "><script>alert('XSS in description discovered by Manuel')</script>
  4. Press "Save" -> the payload is executed.
  5. The payload is also executed whenever this status page is selected.
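The fix class for this finding is contextual output encoding: whatever a user types into "description" must be rendered as text, not as markup. The following is an added illustration, not Uptime Kuma's code, showing the unsafe concatenation that lets the PoC payload above execute beside an encoded rendering that neutralises it. The names escapeHtml, renderDescriptionUnsafe, renderDescription and containsInjectedTag are assumed for this example.

```javascript
// Added example (not Uptime Kuma's code): contextual HTML output encoding
// for a user-controlled status page description. All function names here
// are assumptions for illustration.

// The five characters that can break out of an HTML text node or a
// double-/single-quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value so it is always interpreted as literal text by the browser.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the description is interpolated into markup as-is,
// so a value beginning with "> closes the attribute and element and the
// remainder is parsed as new markup (the CWE-79 condition).
function renderDescriptionUnsafe(description) {
  return `<div class="description" title="${description}">${description}</div>`;
}

// Hardened pattern: every interpolation point is encoded for its context
// (attribute value and element text both use the same HTML escaping here).
function renderDescription(description) {
  const safe = escapeHtml(description);
  return `<div class="description" title="${safe}">${safe}</div>`;
}

// Simple check usable in a unit test or a response filter: does the rendered
// markup contain a script element the template itself never emits?
function containsInjectedTag(html) {
  return /<\s*script\b/i.test(html);
}

// Constructed sample input: the payload quoted in the advisory's PoC.
const PAYLOAD = `"><script>alert('XSS in description discovered by Manuel')</script>`;

console.log("unsafe  :", renderDescriptionUnsafe(PAYLOAD));
console.log("encoded :", renderDescription(PAYLOAD));
console.log("unsafe injects script? ", containsInjectedTag(renderDescriptionUnsafe(PAYLOAD)));
console.log("encoded injects script?", containsInjectedTag(renderDescription(PAYLOAD)));
```

Run with node; the unsafe rendering contains a live script element while the encoded one renders the payload as visible text. In a framework such as Vue, the default text binding performs this encoding automatically; the risk appears wherever raw HTML insertion is used for user-supplied fields, so the practical review step is to locate every raw-HTML sink in the status page templates and confirm the description never reaches one unencoded.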

Impact

CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting'): https://cwe.mitre.org/data/definitions/79.html
