Lucene search
HistoryJun 25, 2024 - 12:15 p.m.
CVE-2024-28831
stored xss
checkmk
arbitrary scripts
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
9.1%
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
References
Related
ubuntucve
ubuntucve
CVE-2024-28831
2024-06-25 00:00:00
vulnrichment
vulnrichment
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
cve
cve
CVE-2024-28831
2024-06-25 12:15:09
cvelist
cvelist
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
osv
osv
CVE-2024-28831
2024-06-25 12:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
9.1%
Related for NVD:CVE-2024-28831