PT-2023-20320 · Unknown · Uptime Kuma

Manuel-Sommer

Publicado

2023-02-21

Atualizado

2023-03-02

CVE-2023-25810

CVSS v3.1

6.3

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Uptime Kuma versions prior to 1.20.0

Description Uptime Kuma is a self-hosted monitoring tool. The Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Recommendations For versions prior to 1.20.0, upgrade to version 1.20.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the status page until a patch is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-25810

GHSA-WH8J-XR66-F296

Produtos afetados

Uptime Kuma

PT-2023-20320 · Unknown · Uptime Kuma

CVE-2023-25810

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8