Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-11507

Опубликовано: 11 дек. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

needed

esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
esm-infra/focal

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 57%
0.00351
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-11507

CVSS3: 6.1
redhat
больше 8 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

nvd логотип

CVE-2017-11507

CVSS3: 6.1
nvd
около 8 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

debian логотип

CVE-2017-11507

CVSS3: 6.1
debian
около 8 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions ...

github логотип

GHSA-gg6p-3mxx-fqcj

CVSS3: 6.1
github
больше 3 лет назад

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

EPSS

Процентиль: 57%
0.00351
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3