CVE-2026-5808

216.73.217.22

· Published 08/04/2026 22:16 · Modified 08/04/2026 22:16

Labels: CVE-2026-5808 2026-04-08 CVE-2026-5808 CWE-79 [email protected]

Essential information

Published: 08/04/2026 22:16
Modified: 08/04/2026 22:16
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The patch is identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
openstatushq / openstatus	`cpe:2.3:a:openstatushq:openstatus::::::::`