CVE-2026-5808
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
08/04/2026
Last modified:
08/04/2026
Description
A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The patch is identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://gist.github.com/TrebledJ/ab83abb1ca7ff6c1f39e16a37020f323
- https://github.com/openstatusHQ/openstatus/
- https://github.com/openstatusHQ/openstatus/commit/43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb
- https://github.com/openstatusHQ/openstatus/pull/1981
- https://vuldb.com/submit/787321
- https://vuldb.com/vuln/356245
- https://vuldb.com/vuln/356245/cti