5.4

CVE-2020-28919

Exploit
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckmkCheckmk Version1.6.0 Update-
CheckmkCheckmk Version1.6.0 Updateb1
CheckmkCheckmk Version1.6.0 Updateb10
CheckmkCheckmk Version1.6.0 Updateb12
CheckmkCheckmk Version1.6.0 Updateb3
CheckmkCheckmk Version1.6.0 Updateb4
CheckmkCheckmk Version1.6.0 Updateb5
CheckmkCheckmk Version1.6.0 Updateb9
CheckmkCheckmk Version1.6.0 Updatep1
CheckmkCheckmk Version1.6.0 Updatep10
CheckmkCheckmk Version1.6.0 Updatep11
CheckmkCheckmk Version1.6.0 Updatep12
CheckmkCheckmk Version1.6.0 Updatep13
CheckmkCheckmk Version1.6.0 Updatep14
CheckmkCheckmk Version1.6.0 Updatep15
CheckmkCheckmk Version1.6.0 Updatep16
CheckmkCheckmk Version1.6.0 Updatep17
CheckmkCheckmk Version1.6.0 Updatep18
CheckmkCheckmk Version1.6.0 Updatep2
CheckmkCheckmk Version1.6.0 Updatep3
CheckmkCheckmk Version1.6.0 Updatep4
CheckmkCheckmk Version1.6.0 Updatep5
CheckmkCheckmk Version1.6.0 Updatep6
CheckmkCheckmk Version1.6.0 Updatep7
CheckmkCheckmk Version1.6.0 Updatep8
CheckmkCheckmk Version1.6.0 Updatep9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.457
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.