Vulnerabilities > Checkmk > Checkmk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-24566 | Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 5.4 |
| 2022-02-21 | CVE-2022-24564 | Cross-site Scripting vulnerability in Checkmk 2.0.0 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-01-15 | CVE-2020-28919 | Cross-site Scripting vulnerability in Checkmk 1.6.0 A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | 5.4 |
| 2017-10-02 | CVE-2017-14955 | Race Condition vulnerability in Checkmk Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 5.9 |