Published: 11/12/2017 Updated: 26/12/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x before 1.2.8p25 and 1.4.0x before 1.4.0p9, allowing an unauthenticated malicious user to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
check mk project check mk 1.4.0
check mk project check mk 1.2.8

A cross site scripting (XSS) vulnerability exists in Check_MK versions 128x prior to 128p25 and 140x prior to 140p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal ...

CWE-79 https://www.tenable.com/security/research/tra-2017-20 http://mathias-kettner.com/check_mk_werks.php?werk_id=7661 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-11507

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-11507

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect