Lucene search
CheckmkCVE-2024-28831HistoryJun 25, 2024 - 12:15 p.m.
CVE-2024-28831
2024-06-2512:15:09
CWE-80
Checkmk
web.nvd.nist.gov
30
stored xss
checkmk
html injection
security vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.1%
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.3.0p7",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.2.0p28",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
]References
Related
ubuntucve
ubuntucve
CVE-2024-28831
2024-06-25 00:00:00
vulnrichment
vulnrichment
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
nvd
nvd
CVE-2024-28831
2024-06-25 12:15:09
cvelist
cvelist
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
osv
osv
CVE-2024-28831
2024-06-25 12:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.1%
Related for CVE-2024-28831