CNNVD-202508-2041 Information

CNNVD ID

CNNVD-202508-2041

Related CVE

CVE-2025-55300

• CNNVD Published: 2025-08-18

Description (Chinese)

Komari是Komari Moniter开源的一个简单的服务器监控工具。 Komari 1.0.4-fix1之前版本存在跨站脚本漏洞，该漏洞源于WebSocket升级器禁用来源检查，可能导致跨站WebSocket劫持和远程代码执行。

Description (English)

Komari is a simple server monitoring tool for Komari Monitor open source. The previous version of Komari 1.0.4-fix1 had a cross-site script loophole, which originated from the banned source check of the WebSocket upgradeer and could lead to the cross-site WebSocket hijacking and remote code execution.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Komari Moniter

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h https://github.com/komari-monitor/komari/commit/d31d12e59febce100ab0285b93338f09aa5d6cb1 https://nvd.nist.gov/vuln/detail/CVE-2025-55300

Patch

https://github.com/komari-monitor/komari/releases