6.1
CVE-2017-11507
- EPSS 0.35%
- Published 11.12.2017 16:29:00
- Last modified 20.04.2025 01:37:25
- Source vulnreport@tenable.com
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Data provided by the National Vulnerability Database (NVD)
Check Mk Project ≫ Check Mk Version 1.2.8
Check Mk Project ≫ Check Mk Version 1.2.8 Update b1
Check Mk Project ≫ Check Mk Version 1.2.8 Update b10
Check Mk Project ≫ Check Mk Version 1.2.8 Update b11
Check Mk Project ≫ Check Mk Version 1.2.8 Update b2
Check Mk Project ≫ Check Mk Version 1.2.8 Update b3
Check Mk Project ≫ Check Mk Version 1.2.8 Update b4
Check Mk Project ≫ Check Mk Version 1.2.8 Update b5
Check Mk Project ≫ Check Mk Version 1.2.8 Update b6
Check Mk Project ≫ Check Mk Version 1.2.8 Update b7
Check Mk Project ≫ Check Mk Version 1.2.8 Update b8
Check Mk Project ≫ Check Mk Version 1.2.8 Update b9
Check Mk Project ≫ Check Mk Version 1.2.8 Update p1
Check Mk Project ≫ Check Mk Version 1.2.8 Update p10
Check Mk Project ≫ Check Mk Version 1.2.8 Update p11
Check Mk Project ≫ Check Mk Version 1.2.8 Update p12
Check Mk Project ≫ Check Mk Version 1.2.8 Update p13
Check Mk Project ≫ Check Mk Version 1.2.8 Update p14
Check Mk Project ≫ Check Mk Version 1.2.8 Update p15
Check Mk Project ≫ Check Mk Version 1.2.8 Update p16
Check Mk Project ≫ Check Mk Version 1.2.8 Update p17
Check Mk Project ≫ Check Mk Version 1.2.8 Update p18
Check Mk Project ≫ Check Mk Version 1.2.8 Update p19
Check Mk Project ≫ Check Mk Version 1.2.8 Update p2
Check Mk Project ≫ Check Mk Version 1.2.8 Update p20
Check Mk Project ≫ Check Mk Version 1.2.8 Update p21
Check Mk Project ≫ Check Mk Version 1.2.8 Update p22
Check Mk Project ≫ Check Mk Version 1.2.8 Update p23
Check Mk Project ≫ Check Mk Version 1.2.8 Update p24
Check Mk Project ≫ Check Mk Version 1.2.8 Update p25
Check Mk Project ≫ Check Mk Version 1.2.8 Update p3
Check Mk Project ≫ Check Mk Version 1.2.8 Update p4
Check Mk Project ≫ Check Mk Version 1.2.8 Update p5
Check Mk Project ≫ Check Mk Version 1.2.8 Update p6
Check Mk Project ≫ Check Mk Version 1.2.8 Update p7
Check Mk Project ≫ Check Mk Version 1.2.8 Update p8
Check Mk Project ≫ Check Mk Version 1.2.8 Update p9
Check Mk Project ≫ Check Mk Version 1.4.0
Check Mk Project ≫ Check Mk Version 1.4.0 Update b1
Check Mk Project ≫ Check Mk Version 1.4.0 Update b2
Check Mk Project ≫ Check Mk Version 1.4.0 Update b3
Check Mk Project ≫ Check Mk Version 1.4.0 Update b4
Check Mk Project ≫ Check Mk Version 1.4.0 Update b5
Check Mk Project ≫ Check Mk Version 1.4.0 Update b6
Check Mk Project ≫ Check Mk Version 1.4.0 Update b7
Check Mk Project ≫ Check Mk Version 1.4.0 Update b8
Check Mk Project ≫ Check Mk Version 1.4.0 Update b9
Check Mk Project ≫ Check Mk Version 1.4.0 Update p1
Check Mk Project ≫ Check Mk Version 1.4.0 Update p2
Check Mk Project ≫ Check Mk Version 1.4.0 Update p3
Check Mk Project ≫ Check Mk Version 1.4.0 Update p4
Check Mk Project ≫ Check Mk Version 1.4.0 Update p5
Check Mk Project ≫ Check Mk Version 1.4.0 Update p6
Check Mk Project ≫ Check Mk Version 1.4.0 Update p7
Check Mk Project ≫ Check Mk Version 1.4.0 Update p8
Check Mk Project ≫ Check Mk Version 1.4.0 Update p9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.544 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.