Check_MK < 1.4.0p6 webapi.py XSS

The version of CheckMK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site XSS scripting vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploi...

Mathias Kettner Check_MK Cross-Site Scripting Vulnerability

Mathias Kettner CheckMK is an open-source, general-purpose Nagios/Icinga monitoring system data collection plug-in from Mathias Kettner, Germany, which collects data from operating system and network components by employing a new methodology and supports the automated detection of monitoring item...

CVE-2017-9781

A cross site scripting XSS vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...