CVE-2024-13722

MEDIUM

NagVis 1.9.40-1.9.41 and Checkmk 2.3.0p2-2.3.0p9 - Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Description

The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.

Scores

CVSS v3 5.4
EPSS 0.0056
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
Checkmk/NagVis Checkmk 2.3.0p2 - 2.3.0p10
Checkmk/NagVis NagVis 1.9.40 - 1.9.42
Published Feb 04, 2025
Tracked Since Feb 18, 2026