RSS   Podatności dla 'Checkmk'   RSS

2022-02-24
 
CVE-2022-24565

CWE-79
 

 
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.

 
 
CVE-2022-24566

CWE-79
 

 
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).

 
2022-01-15
 
CVE-2020-28919

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

 
2021-02-19
 
CVE-2020-24908

NVD-CWE-Other
 

 
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.

 


Copyright 2024, cxsecurity.com

 

Back to Top