Home Tools Exploits & CVE's Uptime Kuma 1.19.6 Cross Site Scripting

Uptime Kuma 1.19.6 Cross Site Scripting

April 6, 2023

497

Uptime Kuma versions 1.19.6 and below suffer from a cross site scripting vulnerability.

advisories | CVE-2023-26777

# Exploit Title: Stored XSS in uptime-kuma <= v1.19.6
# CVE: CVE-2023-26777
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/louislam/
# Software Link: https://github.com/louislam/uptime-kuma
# Tested on: Ubuntu
# Version: <= v1.19.6
# Exploit Description:  Stored Cross Site Scripting vulnerability found in Uptime Kuma v.1.19.6 and before, allows a remote attacker to execute arbitrary javascript code via the description, title, footer, and incident creation parameter of the status status page in the application.

Create a status page, while giving the title or the discription give the payload: <script>""</script><script>alert("XSS")</script>
If anyone loads the page, the javascript inside the script tag will be executed.

Uptime Kuma 1.19.6 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Doctor Appointment Management System 1.0 Cross Site Scripting

Kemp LoadMaster Unauthenticated Command Injection

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Bludit 3.13.1 Cross Site Scripting

Laravel Media Library Pro 2.1.6 Shell Upload

Millhouse-Project 1.414 Cross Site Scripting