Lucene search
HistoryJun 25, 2024 - 12:15 p.m.
CVE-2024-28831
stored xss
checkmk
arbitrary scripts
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
9.1%
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
References
Related
vulnrichment
vulnrichment
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
cve
cve
CVE-2024-28831
2024-06-25 12:15:09
cvelist
cvelist
CVE-2024-28831 XSS in confirmation pop-up
2024-06-25 11:45:27
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
9.1%
Related for NVD:CVE-2024-28831