A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-06-21 18:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-9781
Mitre link : CVE-2017-9781
CVE.ORG link : CVE-2017-9781
JSON object : View
Products Affected
check_mk_project
- check_mk
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')