Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
References
Link | Resource |
---|---|
https://checkmk.com/werk/17024 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Checkmk
Published: 2024-06-25T11:45:33.371Z
Updated: 2024-06-26T17:07:00.337Z
Reserved: 2024-03-11T13:21:43.122Z
Link: CVE-2024-28832
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-06-25T12:15:09.713
Modified: 2024-06-25T12:24:17.873
Link: CVE-2024-28832
JSON object: View
Redhat Information
No data.
CWE