Cross-Site Scripting Vulnerability in openstatusHQ Openstatus Onboarding Endpoint
CVE-2026-5808

5.3MEDIUM

Key Information:

Vendor

Openstatushq

Status
Openstatus
Vendor
CVE Published:
8 April 2026

What is CVE-2026-5808?

A cross-site scripting vulnerability has been discovered in the Onboarding Endpoint of openstatusHQ's product, affecting versions up to 1b678e71a85961ae319cbb214a8eae634059330c. This vulnerability arises from improper handling of a callbackURL argument in the client.tsx file. Attackers can exploit this weakness to execute malicious scripts in the context of a user's session, potentially leading to unauthorized access or data theft. Users are advised to apply the patch identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb promptly to remediate this issue. The vendor has shown professionalism in addressing the concern and has released a fixed version swiftly.

Affected Version(s)

openstatus 1b678e71a85961ae319cbb214a8eae634059330c

References

https://vuldb.com/vuln/356245
vdb-entrytechnical-description
https://vuldb.com/vuln/356245/cti
signaturepermissions-required
https://vuldb.com/submit/787321
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

trebledj (VulDB User)
VulDB CNA Team
.