Openstatus

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-5808 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in openstatusHQ openstatus allows unauthenticated remote attackers to inject malicious scripts via the callbackURL parameter in the Onboarding Endpoint component. The vulnerability affects the onboarding client functionality and requires user interaction to exploit. Vendor has released a patched version (commit 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb), and no public exploit code is currently identified.

XSS Openstatus

NVD VulDB GitHub

CVSS 4.0

5.3

EPSS

0.0%

CVE-2026-5808

EPSS 0% CVSS 5.3

MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in openstatusHQ openstatus allows unauthenticated remote attackers to inject malicious scripts via the callbackURL parameter in the Onboarding Endpoint component. The vulnerability affects the onboarding client functionality and requires user interaction to exploit. Vendor has released a patched version (commit 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb), and no public exploit code is currently identified.

XSS Openstatus

NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy