Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-20915

Опубликовано: 31 мар. 2026
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*

EPSS

Процентиль: 8%
0.00027
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2026-20915

CVSS3: 5.4
ubuntu
4 дня назад

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

debian логотип

CVE-2026-20915

CVSS3: 5.4
debian
6 дней назад

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) befo ...

github логотип

GHSA-c37f-qch7-r2cg

CVSS3: 5.4
github
6 дней назад

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

EPSS

Процентиль: 8%
0.00027
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79