216.73.216.226

CVE-2024-38859

· Published 26/08/2024 15:15 · Modified 26/08/2024 15:15

Labels: CVE-2024-38859 2024-08-26CVE-2024-38859CWE-80[email protected]

Essential information

Published
26/08/2024 15:15
Modified
26/08/2024 15:15
Author
Creator
CISA KEV
No
CWE

Description

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References