EUVD-2026-11720
GHSA-wvh5-6vjm-23qh
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
4Description
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary JavaScript. Any field that renders markdown (incident descriptions, status page announcements, monitor notes) is vulnerable. This vulnerability is fixed in 10.0.23.
Analysis
Cross-site scripting (XSS) vulnerability in OneUptime monitoring platform versions prior to 10.0.23, where the Markdown viewer component renders Mermaid diagrams with insecure settings that allow arbitrary JavaScript execution. An authenticated attacker with low privileges can inject malicious JavaScript through any markdown field (incident descriptions, status pages, monitor notes), potentially compromising other users' sessions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OneUptime instances and confirm versions affected (pre-10.0.23). Within 7 days: Implement input validation and output encoding controls for markdown fields; restrict markdown/Mermaid diagram rendering to trusted users only; enable audit logging for markdown field modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today