Unrated severityNVD Advisory· Published Feb 21, 2023· Updated Mar 10, 2025
Persistent Cross site scripting (XSS) through description in status page in Uptime Kuma
CVE-2023-25810
Description
Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.20.0+ 1 more
- (no CPE)range: <1.20.0
- (no CPE)range: < 1.20.0
Patches
Vulnerability mechanics
References
1- github.com/louislam/uptime-kuma/security/advisories/GHSA-wh8j-xr66-f296mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.