{"id":"CVE-2023-26776","details":"Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.","modified":"2026-07-08T07:34:19.003214635Z","published":"2023-04-04T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26776.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/171705/Monitorr-1.7.6-Cross-Site-Scripting.html"},{"type":"WEB","url":"https://github.com/Monitorr"},{"type":"WEB","url":"https://github.com/Monitorr/Monitorr/blob/3ebfd915bfb02aae2ded08c5e4ba6b1bea3009f2/assets/php/post_receiver-services.php"},{"type":"WEB","url":"https://twitter.com/retrymp3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26776.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26776"},{"type":"PACKAGE","url":"https://github.com/Monitorr/Monitorr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/monitorr/monitorr","events":[{"introduced":"00f34f49ef772271a59e0b8e70523997ad0a6581"},{"last_affected":"00f34f49ef772271a59e0b8e70523997ad0a6581"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.7.6m"},{"last_affected":"1.7.6m"}]}}],"versions":["1.7.6m"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26776.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}