Share
## https://sploitus.com/exploit?id=PACKETSTORM:171699
# Exploit Title: Stored XSS in uptime-kuma <= v1.19.6  
# CVE: CVE-2023-26777  
# Exploit Author: Achuth V P (retrymp3)  
# Date: February 09, 2023  
# Vendor Homepage: https://github.com/louislam/  
# Software Link: https://github.com/louislam/uptime-kuma  
# Tested on: Ubuntu  
# Version: <= v1.19.6  
# Exploit Description: Stored Cross Site Scripting vulnerability found in Uptime Kuma v.1.19.6 and before, allows a remote attacker to execute arbitrary javascript code via the description, title, footer, and incident creation parameter of the status status page in the application.  
  
Create a status page, while giving the title or the discription give the payload: <script>""</script><script>alert("XSS")</script>  
If anyone loads the page, the javascript inside the script tag will be executed.