Описание
Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Third Party AdvisoryVDB Entry
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 1.19.6 (включая)
cpe:2.3:a:uptime_kuma_project:uptime_kuma:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00149
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 3 года назад
Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.
EPSS
Процентиль: 36%
0.00149
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79