CVE-2021-40906

Published: 25/03/2022 Updated: 04/04/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This reflected XSS allows a malicious user to inject HTML content into the page that the browser then interprets (such as JavaScript or other client-side scripts), or to steal the session cookies of a user who has previously authenticated, via a man-in-the-middle position. Successful exploitation requires access to the web service resource without authentication.

Vulnerable Products

tribe29 checkmk

tribe29 checkmk 1.6.0

tribe29 checkmk 1.6.0b10

tribe29 checkmk 1.6.0b11

tribe29 checkmk 1.6.0p10

tribe29 checkmk 1.6.0p17

tribe29 checkmk 1.6.0p18

Vendor Advisories

Several security issues were fixed in Checkmk ...

Github Repositories

CVE-2021-40906 - Reflected XSS in an unauthenticated zone
Application: CheckMK Management Web Console
Software Revision: From 150 to 150p25
Author: Edgar Augusto Loyola Torres
Attack type: Reflected XSS
Solution: Update to Software Revision 160p26 or later
Summary: CheckMK Raw Edition software (versions 150 to 160) does not sanitise the input of a web service paramet