
Check_MK XSS Vulnerability CVE-2017-11507

Severity
CVSSv3 Score: 6.1
Vulnerability description

Check_MK is prone to a cross-site scripting vulnerability.

Risk description

A cross-site scripting (XSS) vulnerability exists in Check_MK, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter and the username parameter of failed HTTP basic authentication attempts, which are returned unencoded in an internal server error page.

Recommendation

Update to version 1.2.8p25, 1.4.0p9 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 11, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available