Vulnerabilities > Checkmk > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2022-24566 | Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 5.4 |
2022-02-21 | CVE-2022-24564 | Cross-site Scripting vulnerability in Checkmk 2.0.0 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. | 6.1 |
2022-01-15 | CVE-2020-28919 | Cross-site Scripting vulnerability in Checkmk 1.6.0 A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | 5.4 |
2021-07-26 | CVE-2021-36563 | Cross-site Scripting vulnerability in Checkmk 1.5.0/1.6.0 The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. | 5.4 |
2017-10-02 | CVE-2017-14955 | Race Condition vulnerability in Checkmk Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 5.9 |