CVE-2017-11507

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:check_mk_project:check_mk:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b10:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b11:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p10:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p11:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p12:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p13:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p14:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p15:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p16:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p17:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p18:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p19:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p20:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p21:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p22:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p23:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p24:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p25:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p9:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-11 16:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-11507

Mitre link : CVE-2017-11507

CVE.ORG link : CVE-2017-11507


JSON object : View

Products Affected

check_mk_project

  • check_mk
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')