CVE-2023-49805
- EPSS 0.01%
- Published 11.12.2023 23:15:08
- Last modified 21.11.2024 08:33:52
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows a third-party website to access the appli...
CVE-2023-49804
- EPSS 0.05%
- Published 11.12.2023 23:15:07
- Last modified 21.11.2024 08:33:52
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, eve...
CVE-2023-49276
- EPSS 0.53%
- Published 01.12.2023 22:15:10
- Last modified 21.11.2024 08:33:10
Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google A...
CVE-2023-44400
- EPSS 0.04%
- Published 09.10.2023 16:15:10
- Last modified 21.11.2024 08:25:49
Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactiv...