CVE-2023-25811 MEDIUM

CVE-2023-25811: Persistent Cross site scripting (XSS) in Uptime Kuma

Vendor Louislam

Product uptime-kuma

Weakness CWE-79 · XSS

Published February 21, 2023

Last update March 10, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

February 21, 2023 CVE published

March 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-25811 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-11994 Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting CVE-2024-6374 lahirudanushka School Management System Subject Page subject.php cross site scripting CVE-2022-23056 ERPNext - Stored XSS leads to account takover CVE-2024-3944 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments CVE-2024-2183 Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget