CVE-2020-28919

MEDIUM

Checkmk < 1.6.0p19 - Authenticated Stored Cross-Site Scripting via View Title

Title source: llm
STIX 2.1

Description

A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.

Scores

CVSS v3 5.4
EPSS 0.0108
EPSS Percentile 60.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
checkmk/checkmk 1.6.0 (26 CPE variants)
Published Jan 15, 2022
Tracked Since Feb 18, 2026