CVE-2024-28831
25.06.2024, 12:15
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 𝑥 ≤ 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0:b1 |
| checkmk | checkmk | 2.2.0:b2 |
| checkmk | checkmk | 2.2.0:b3 |
| checkmk | checkmk | 2.2.0:b4 |
| checkmk | checkmk | 2.2.0:b5 |
| checkmk | checkmk | 2.2.0:b6 |
| checkmk | checkmk | 2.2.0:b7 |
| checkmk | checkmk | 2.2.0:b8 |
| checkmk | checkmk | 2.2.0:i1 |
| checkmk | checkmk | 2.2.0:p1 |
| checkmk | checkmk | 2.2.0:p10 |
| checkmk | checkmk | 2.2.0:p11 |
| checkmk | checkmk | 2.2.0:p12 |
| checkmk | checkmk | 2.2.0:p13 |
| checkmk | checkmk | 2.2.0:p14 |
| checkmk | checkmk | 2.2.0:p15 |
| checkmk | checkmk | 2.2.0:p16 |
| checkmk | checkmk | 2.2.0:p17 |
| checkmk | checkmk | 2.2.0:p18 |
| checkmk | checkmk | 2.2.0:p19 |
| checkmk | checkmk | 2.2.0:p2 |
| checkmk | checkmk | 2.2.0:p20 |
| checkmk | checkmk | 2.2.0:p21 |
| checkmk | checkmk | 2.2.0:p22 |
| checkmk | checkmk | 2.2.0:p23 |
| checkmk | checkmk | 2.2.0:p24 |
| checkmk | checkmk | 2.2.0:p25 |
| checkmk | checkmk | 2.2.0:p26 |
| checkmk | checkmk | 2.2.0:p27 |
| checkmk | checkmk | 2.2.0:p3 |
| checkmk | checkmk | 2.2.0:p4 |
| checkmk | checkmk | 2.2.0:p5 |
| checkmk | checkmk | 2.2.0:p6 |
| checkmk | checkmk | 2.2.0:p7 |
| checkmk | checkmk | 2.2.0:p8 |
| checkmk | checkmk | 2.2.0:p9 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0:b1 |
| checkmk | checkmk | 2.3.0:b2 |
| checkmk | checkmk | 2.3.0:b3 |
| checkmk | checkmk | 2.3.0:b4 |
| checkmk | checkmk | 2.3.0:b5 |
| checkmk | checkmk | 2.3.0:b6 |
| checkmk | checkmk | 2.3.0:p1 |
| checkmk | checkmk | 2.3.0:p2 |
| checkmk | checkmk | 2.3.0:p3 |
| checkmk | checkmk | 2.3.0:p4 |
| checkmk | checkmk | 2.3.0:p5 |
| checkmk | checkmk | 2.3.0:p6 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.