Cross Site Scripting (XSS) Vulnerability in Check_MK Versions 1.2.8x and 1.4.0x

Cross Site Scripting (XSS) Vulnerability in Check_MK Versions 1.2.8x and 1.4.0x

CVE-2017-11507 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Learn more about our Cis Benchmark Audit For Server Software.