Exploit/Advisories
Published on April 6th, 2023 📆 | 1968 Views ⚑
0Uptime Kuma 1.19.6 Cross Site Scripting – Torchsec
# Exploit Title: Stored XSS in uptime-kuma <= v1.19.6
# CVE: CVE-2023-26777
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/louislam/
# Software Link: https://github.com/louislam/uptime-kuma
# Tested on: Ubuntu
# Version: <= v1.19.6
# Exploit Description: Stored Cross Site Scripting vulnerability found in Uptime Kuma v.1.19.6 and before, allows a remote attacker to execute arbitrary javascript code via the description, title, footer, and incident creation parameter of the status status page in the application.Create a status page, while giving the title or the discription give the payload:
If anyone loads the page, the javascript inside the script tag will be executed.
Gloss