CVE-2020-28919

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
15/01/2022
Last modified:
23/07/2024

Description

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*