Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability

CheckMK is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; i...

Cross site scripting

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...