CVE-2024-28832 MEDIUM

CVE-2024-28832: XSS in Crash Report Page

Vendor: Checkmk GmbH
Product: Checkmk
Weakness: CWE-80 · XSS · basic
Published: June 25, 2024
Last update: August 2, 2024

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

Key dates

02 Disclosure timeline

June 25, 2024: CVE published
August 2, 2024: Record updated