FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-38859

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Aug 26, 2024 / Updated: 2mo ago

010
CVSS 4.8EPSS 0.04%Medium
CVE info copied to clipboard

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-38859. See article

Aug 26, 2024 at 2:20 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 26, 2024 at 2:20 PM
Static CVE Timeline Graph

Affected Systems

Checkmk/checkmk
+null more

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements
+null more

News

Update Mon Sep 2 22:50:17 UTC 2024
Recent Commits to cve:main / 2mo
Update Mon Sep 2 22:50:17 UTC 2024
Update Sun Sep 1 14:36:31 UTC 2024
Recent Commits to cve:main / 2mo
Update Sun Sep 1 14:36:31 UTC 2024
NA - CVE-2024-38859 - XSS in the view page with the SLA column...
Security-Database Alerts Monitor : Last 100 Alerts / 2mo
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML...
CVE-2024-38859
INCIBE-CERT - Vulnerabilities RSS / 2mo
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
CVE-2024-38859
Updated CVEs from Tenable / 2mo
Medium Severity Description XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. Read more at https://www.tenable.com/cve/CVE-2024-38859
See 5 more articles and social media posts

CVSS V3.1

Unknown

Categories

CWE-80(307)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial