Vulnerabilities > Checkmk > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-24566 Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
network
low complexity
checkmk CWE-79
5.4
2022-02-21 CVE-2022-24564 Cross-site Scripting vulnerability in Checkmk 2.0.0
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability.
network
low complexity
checkmk CWE-79
6.1
2022-01-15 CVE-2020-28919 Cross-site Scripting vulnerability in Checkmk 1.6.0
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
network
low complexity
checkmk CWE-79
5.4
2021-07-26 CVE-2021-36563 Cross-site Scripting vulnerability in Checkmk 1.5.0/1.6.0
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module.
network
low complexity
checkmk CWE-79
5.4
2017-10-02 CVE-2017-14955 Race Condition vulnerability in Checkmk
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
network
high complexity
checkmk CWE-362
5.9