Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-9781

Опубликовано: 21 июн. 2017
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:check_mk_project:check_mk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p5:*:*:*:*:*:*

EPSS

Процентиль: 60%
0.00398
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2017-9781

CVSS3: 6.1
ubuntu
больше 8 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.

debian логотип

CVE-2017-9781

CVSS3: 6.1
debian
больше 8 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions ...

github логотип

GHSA-85cm-vx4m-p4x4

CVSS3: 6.1
github
больше 3 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.

EPSS

Процентиль: 60%
0.00398
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79