Check MK 2.0.x < 2.0.0p20 XSS Vulnerability CVE-2022-24564

Severity
CVSSv3 Score
6.1
Vulnerability description

Check MK is prone to a cross-site scripting (XSS) vulnerability in custom user attributes.

Risk description

When a user attribute is created or edited, the Help Text is subject to HTML injection, which can be triggered when editing a user.

Recommendation

Update to version 2.0.0p20 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 21, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available