VYPR
Unrated severityNVD Advisory· Published Aug 26, 2024· Updated Aug 26, 2024

XSS in view page with SLA column

CVE-2024-38859

Description

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Checkmk/Checkmkllm-fuzzy2 versions
    >=2.0.0, <=2.0.0 (EOL) | <2.1.0p47 | <2.2.0p33 | <2.3.0p14+ 1 more
    • (no CPE)range: >=2.0.0, <=2.0.0 (EOL) | <2.1.0p47 | <2.2.0p33 | <2.3.0p14
    • (no CPE)range: 2.3.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.