CVE-2024-28832

{"id": "CVE-2024-28832", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@checkmk.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2024-06-25T12:15:09.713", "references": [{"url": "https://checkmk.com/werk/17024", "source": "security@checkmk.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@checkmk.com", "description": [{"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings."}, {"lang": "es", "value": "XSS almacenado en la p\u00e1gina Informe de fallos en Checkmk antes de las versiones 2.3.0p7, 2.2.0p28, 2.1.0p45 y 2.0.0 (EOL) permite a los usuarios con permiso para cambiar la configuraci\u00f3n global para ejecutar scripts arbitrarios inyectando elementos HTML en la URL del informe de fallos en la configuraci\u00f3n global."}], "lastModified": "2024-06-25T12:24:17.873", "sourceIdentifier": "security@checkmk.com"}