CVE-2024-28832

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Jun 25, 2024 / Updated: 4mo ago

CVSS 4.8 (Medium) / EPSS 0.04%

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-28832.

Jun 25, 2024 at 11:52 AM / CVE

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 25, 2024 at 11:53 AM

CVE Assignment

NVD published the first details for CVE-2024-28832

Jun 25, 2024 at 12:15 PM

CVSS

A CVSS base score of 4.8 has been assigned.

Jun 25, 2024 at 12:20 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jun 26, 2024 at 10:51 AM

Affected Systems

Checkmk/checkmk

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements

News

NA - CVE-2024-28832 - Stored XSS in the Crash Report page in Checkmk...
CVE-2024-28832 | Checkmk up to 2.0.0p39/2.1.0p44/2.2.0p27/2.3.0p6 Crash Report Page cross site scripting
A vulnerability classified as problematic was found in Checkmk up to 2.0.0p39/2.1.0p44/2.2.0p27/2.3.0p6. Affected by this vulnerability is an unknown functionality of the component Crash Report Page. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2024-28832. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
XSS in Crash Report Page
Checkmk Gmbh - MEDIUM - CVE-2024-28832 Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
CVE-2024-28832 - Stored XSS in the Crash Report page in Checkmk bef
CVE ID: CVE-2024-28832. Published: June 25, 2024, 12:15 p.m. Description: Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. Severity: 4.8 MEDIUM
CVE-2024-28832
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
