vulnrichment / Checkmk / VULNRICHMENT:CVE-2024-38858
History: Sep 02, 2024 - 9:16 a.m.

CVE-2024-38858 Cross-site scripting in Robotmk logs view

2024-09-02 09:16:40
CWE-79
Checkmk
github.com
2
cross-site scripting
robotmk logs
improper neutralization
checkmk
version 2.3.0p14

CVSS4: 2.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: PASSIVE
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/SC:L/VI:N/SI:L/VA:N/SA:N

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 17.7%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
