5 matches found
Check_MK < 1.4.0p6 webapi.py XSS
The version of CheckMK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploi...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...
CVE-2017-9781
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...
CVE-2017-9781
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...
CVE-2017-9781
CVE-2017-9781 affects Checkmk; an unauthenticated attacker could trigger cross-site scripting by supplying crafted input to the _username parameter during authentication to webapi.py, with the vulnerable behavior returning unencoded HTML. The cited advisories (USN-5527-1/2 and OSV-USN entries) de...