CVE-2020-28919 - Vulnerability Details

Vendors	Products
Checkmk	Checkmk

Link	Providers
https://checkmk.com/check_mk-werks.php?werk_id=11501
https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html
https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04
https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-15T16:34:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://checkmk.com/check_mk-werks.php?werk_id=11501"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"}, {"tags": ["x_refsource_MISC"], "url": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28919", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://checkmk.com/check_mk-werks.php?werk_id=11501", "refsource": "MISC", "url": "https://checkmk.com/check_mk-werks.php?werk_id=11501"}, {"name": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04", "refsource": "MISC", "url": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"}, {"name": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6", "refsource": "MISC", "url": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"}, {"name": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html", "refsource": "MISC", "url": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:41:00.128Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://checkmk.com/check_mk-werks.php?werk_id=11501"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28919", "datePublished": "2022-01-15T16:34:59", "dateReserved": "2020-11-18T00:00:00", "dateUpdated": "2024-08-04T16:41:00.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-01-15T16:34:59 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-28919 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

refsource : MISC (string)

url : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

}

1 : { »

name : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

refsource : MISC (string)

url : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

}

2 : { »

name : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

refsource : MISC (string)

url : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

}

3 : { »

name : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

refsource : MISC (string)

url : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T16:41:00.128Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-28919 (string)

datePublished : 2022-01-15T16:34:59 (string)

dateReserved : 2020-11-18T00:00:00 (string)

dateUpdated : 2024-08-04T16:41:00.128Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "5D63367A-3B90-462E-B6AD-1CB5721FD45E", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*", "matchCriteriaId": "E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*", "matchCriteriaId": "1638594A-84F1-44F6-BB30-D4CC73ECDA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*", "matchCriteriaId": "7B2757BF-E3B7-487A-8929-0208D3B0D3CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*", "matchCriteriaId": "F01E79D2-EFA4-4A7E-A286-3E86F52B429D", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*", "matchCriteriaId": "D12A6070-0542-4293-AE13-85D4E81E1672", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*", "matchCriteriaId": "6AF633FE-DE7C-4548-9ED2-880E915FC33C", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*", "matchCriteriaId": "F15190EF-E3F5-4AD1-B748-C0E63C8CB741", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*", "matchCriteriaId": "30F84B89-7EC6-44E6-A164-4C170379D55C", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*", "matchCriteriaId": "DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*", "matchCriteriaId": "71CF8EFD-17F6-4D9A-961A-4B949A6C8B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*", "matchCriteriaId": "B04DC2A8-CF05-4FB2-AE2F-AE07943B998D", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*", "matchCriteriaId": "1F3BECA6-983C-436E-A635-4E1FB9080E56", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*", "matchCriteriaId": "51A9A2B4-3693-490A-94E2-64E1DB795646", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*", "matchCriteriaId": "C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*", "matchCriteriaId": "EC41CC5F-F088-4E65-B076-35665F0F6C7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p17:*:*:*:*:*:*", "matchCriteriaId": "D599652E-9F70-4F9E-B8E9-99AB09EE851B", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p18:*:*:*:*:*:*", "matchCriteriaId": "6DABDE38-A3AF-4DD2-928A-8B3A0AA054A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*", "matchCriteriaId": "D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*", "matchCriteriaId": "9CCE5845-1B77-4E97-B508-41400F4E1F31", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*", "matchCriteriaId": "3FCED94F-7683-40FE-B511-F1F49CDD1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*", "matchCriteriaId": "0C4E70EC-3D46-40CE-AD59-597EFD721014", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*", "matchCriteriaId": "12E695A8-9A1E-4D7A-AB3B-AAC2CF777773", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*", "matchCriteriaId": "653632A8-E700-404A-ADB2-B3A50253ECB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*", "matchCriteriaId": "60733789-DDA3-4819-A9F1-70B76AC715CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*", "matchCriteriaId": "D90DBA66-EF97-4CE9-AD4C-3A82F70D2250", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en Checkmk versiones 1.6.0x anteriores a 1.6.0p19, permite a un atacante remoto autenticado inyectar JavaScript arbitrario por medio de una URL en el t\u00edtulo de una vista"}], "id": "CVE-2020-28919", "lastModified": "2024-11-21T05:23:17.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-15T17:15:08.283", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://checkmk.com/check_mk-werks.php?werk_id=11501"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://checkmk.com/check_mk-werks.php?werk_id=11501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 5D63367A-3B90-462E-B6AD-1CB5721FD45E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:* (string)

matchCriteriaId : E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:* (string)

matchCriteriaId : 1638594A-84F1-44F6-BB30-D4CC73ECDA38 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:* (string)

matchCriteriaId : 7B2757BF-E3B7-487A-8929-0208D3B0D3CE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:* (string)

matchCriteriaId : F01E79D2-EFA4-4A7E-A286-3E86F52B429D (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:* (string)

matchCriteriaId : D12A6070-0542-4293-AE13-85D4E81E1672 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:* (string)

matchCriteriaId : 6AF633FE-DE7C-4548-9ED2-880E915FC33C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:* (string)

matchCriteriaId : F15190EF-E3F5-4AD1-B748-C0E63C8CB741 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:* (string)

matchCriteriaId : 30F84B89-7EC6-44E6-A164-4C170379D55C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:* (string)

matchCriteriaId : DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:* (string)

matchCriteriaId : 71CF8EFD-17F6-4D9A-961A-4B949A6C8B61 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:* (string)

matchCriteriaId : B04DC2A8-CF05-4FB2-AE2F-AE07943B998D (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:* (string)

matchCriteriaId : 1F3BECA6-983C-436E-A635-4E1FB9080E56 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:* (string)

matchCriteriaId : 51A9A2B4-3693-490A-94E2-64E1DB795646 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:* (string)

matchCriteriaId : C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:* (string)

matchCriteriaId : EC41CC5F-F088-4E65-B076-35665F0F6C7E (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p17:*:*:*:*:*:* (string)

matchCriteriaId : D599652E-9F70-4F9E-B8E9-99AB09EE851B (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p18:*:*:*:*:*:* (string)

matchCriteriaId : 6DABDE38-A3AF-4DD2-928A-8B3A0AA054A8 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:* (string)

matchCriteriaId : D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:* (string)

matchCriteriaId : 9CCE5845-1B77-4E97-B508-41400F4E1F31 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:* (string)

matchCriteriaId : 3FCED94F-7683-40FE-B511-F1F49CDD1F73 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:* (string)

matchCriteriaId : 0C4E70EC-3D46-40CE-AD59-597EFD721014 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:* (string)

matchCriteriaId : 12E695A8-9A1E-4D7A-AB3B-AAC2CF777773 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:* (string)

matchCriteriaId : 653632A8-E700-404A-ADB2-B3A50253ECB0 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:* (string)

matchCriteriaId : 60733789-DDA3-4819-A9F1-70B76AC715CB (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:* (string)

matchCriteriaId : D90DBA66-EF97-4CE9-AD4C-3A82F70D2250 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en Checkmk versiones 1.6.0x anteriores a 1.6.0p19, permite a un atacante remoto autenticado inyectar JavaScript arbitrario por medio de una URL en el título de una vista (string)

}

]

id : CVE-2020-28919 (string)

lastModified : 2024-11-21T05:23:17.723 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-01-15T17:15:08.283 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://checkmk.com/check_mk-werks.php?werk_id=11501 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object