VYPR
← All advisories
Medium severity6.1NVD Advisory· Published Dec 11, 2017· Updated May 13, 2026

CVE-2017-11507

CVE-2017-11507

Description

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Affected products

57
  • Tenable/Check_MKv5
    Range: 1.2.8x prior to 1. 2.8p25
  • Check Mk Project/Check Mk56 versions
    cpe:2.3:a:check_mk_project:check_mk:1.2.8:b7:*:*:*:*:*:*+ 55 more
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b7:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b8:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b9:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p1:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p10:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p11:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p12:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p13:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p14:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p15:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p16:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p17:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p18:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p19:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p2:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b1:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b10:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b11:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b2:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b3:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b4:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b5:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:b6:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p25:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p3:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p4:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p5:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p6:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p7:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p8:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p9:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p20:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p21:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p22:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p23:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.2.8:p24:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b2:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b3:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b4:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b5:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b6:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b7:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b8:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b9:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p1:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p2:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p3:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p4:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p5:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p6:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p7:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p8:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:p9:*:*:*:*:*:*
    • cpe:2.3:a:check_mk_project:check_mk:1.4.0:b1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.