EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Locutus vulnerable to RCE via unsanitized input in create_function Severity: critical Identifiers: [{"cve_id": "CVE-2026-32304"}, {"identifiers": [{"value": "GHSA-vh9h-29pq-r5m8", "type": "GHSA"}, {"value": "CVE-2026-32304", "type": "CVE"}]}].

github
stored_xss
Evidence locked
Today's free sample is only available for the edition's flagship signal.
BackUnlock Pro
Evidence preview
  • Statamic vulnerable to privilege escalation via stored cross-site scripting
    github_advisories
  • Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process
    github_advisories
  • OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
    github_advisories
  • Locutus vulnerable to RCE via unsanitized input in create_function()
    github_advisories