← back
CVE-2024-28832

XSS in Crash Report Page

CVSS 4.8 MEDIUMEPSS 0.3%CWE-80
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
Checkmk GmbH · Checkmk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://checkmk.com/werk/17024