CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28919

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://checkmk.com/check_mk-werks.php?werk_id=11501
https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html
https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04
https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6
https://checkmk.com/check_mk-werks.php?werk_id=11501
https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html
https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04
https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6

Products affected by CVE-2020-28919

Checkmk » Checkmk » Version: 1.6.0

cpe:2.3:a:checkmk:checkmk:1.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28919

Products

Pricing

Contact Us