CVE-2017-11507
N/A
N/A
Summary
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tenable | Check_MK | 1.2.8x prior to 1. 2.8p25 | affected |
| Tenable | Check_MK | 1.4.0x prior to 1.4.0p9 | affected |
Weaknesses
- Stored and Reflected Cross Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://www.tenable.com/security/research/tra-2017-20
- http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
References
- https://www.tenable.com/security/research/tra-2017-20
- http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.