CVE-2017-11507: XSS
First published: Mon Dec 11 2017(Updated: )
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Check Mk Project Check Mk | =1.2.8 | |
| Check Mk Project Check Mk | =1.2.8-b1 | |
| Check Mk Project Check Mk | =1.2.8-b10 | |
| Check Mk Project Check Mk | =1.2.8-b11 | |
| Check Mk Project Check Mk | =1.2.8-b2 | |
| Check Mk Project Check Mk | =1.2.8-b3 | |
| Check Mk Project Check Mk | =1.2.8-b4 | |
| Check Mk Project Check Mk | =1.2.8-b5 | |
| Check Mk Project Check Mk | =1.2.8-b6 | |
| Check Mk Project Check Mk | =1.2.8-b7 | |
| Check Mk Project Check Mk | =1.2.8-b8 | |
| Check Mk Project Check Mk | =1.2.8-b9 | |
| Check Mk Project Check Mk | =1.2.8-p1 | |
| Check Mk Project Check Mk | =1.2.8-p10 | |
| Check Mk Project Check Mk | =1.2.8-p11 | |
| Check Mk Project Check Mk | =1.2.8-p12 | |
| Check Mk Project Check Mk | =1.2.8-p13 | |
| Check Mk Project Check Mk | =1.2.8-p14 | |
| Check Mk Project Check Mk | =1.2.8-p15 | |
| Check Mk Project Check Mk | =1.2.8-p16 | |
| Check Mk Project Check Mk | =1.2.8-p17 | |
| Check Mk Project Check Mk | =1.2.8-p18 | |
| Check Mk Project Check Mk | =1.2.8-p19 | |
| Check Mk Project Check Mk | =1.2.8-p2 | |
| Check Mk Project Check Mk | =1.2.8-p20 | |
| Check Mk Project Check Mk | =1.2.8-p21 | |
| Check Mk Project Check Mk | =1.2.8-p22 | |
| Check Mk Project Check Mk | =1.2.8-p23 | |
| Check Mk Project Check Mk | =1.2.8-p24 | |
| Check Mk Project Check Mk | =1.2.8-p25 | |
| Check Mk Project Check Mk | =1.2.8-p3 | |
| Check Mk Project Check Mk | =1.2.8-p4 | |
| Check Mk Project Check Mk | =1.2.8-p5 | |
| Check Mk Project Check Mk | =1.2.8-p6 | |
| Check Mk Project Check Mk | =1.2.8-p7 | |
| Check Mk Project Check Mk | =1.2.8-p8 | |
| Check Mk Project Check Mk | =1.2.8-p9 | |
| Check Mk Project Check Mk | =1.4.0 | |
| Check Mk Project Check Mk | =1.4.0-b1 | |
| Check Mk Project Check Mk | =1.4.0-b2 | |
| Check Mk Project Check Mk | =1.4.0-b3 | |
| Check Mk Project Check Mk | =1.4.0-b4 | |
| Check Mk Project Check Mk | =1.4.0-b5 | |
| Check Mk Project Check Mk | =1.4.0-b6 | |
| Check Mk Project Check Mk | =1.4.0-b7 | |
| Check Mk Project Check Mk | =1.4.0-b8 | |
| Check Mk Project Check Mk | =1.4.0-b9 | |
| Check Mk Project Check Mk | =1.4.0-p1 | |
| Check Mk Project Check Mk | =1.4.0-p2 | |
| Check Mk Project Check Mk | =1.4.0-p3 | |
| Check Mk Project Check Mk | =1.4.0-p4 | |
| Check Mk Project Check Mk | =1.4.0-p5 | |
| Check Mk Project Check Mk | =1.4.0-p6 | |
| Check Mk Project Check Mk | =1.4.0-p7 | |
| Check Mk Project Check Mk | =1.4.0-p8 | |
| Check Mk Project Check Mk | =1.4.0-p9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- vendor/check mk project
- canonical/check mk project check mk
- version/check mk project check mk/1.2.8
- version/check mk project check mk/1.2.8-b1
- version/check mk project check mk/1.2.8-b10
- version/check mk project check mk/1.2.8-b11
- version/check mk project check mk/1.2.8-b2
- version/check mk project check mk/1.2.8-b3
- version/check mk project check mk/1.2.8-b4
- version/check mk project check mk/1.2.8-b5
- version/check mk project check mk/1.2.8-b6
- version/check mk project check mk/1.2.8-b7
- version/check mk project check mk/1.2.8-b8
- version/check mk project check mk/1.2.8-b9
- version/check mk project check mk/1.2.8-p1
- version/check mk project check mk/1.2.8-p10
- version/check mk project check mk/1.2.8-p11
- version/check mk project check mk/1.2.8-p12
- version/check mk project check mk/1.2.8-p13
- version/check mk project check mk/1.2.8-p14
- version/check mk project check mk/1.2.8-p15
- version/check mk project check mk/1.2.8-p16
- version/check mk project check mk/1.2.8-p17
- version/check mk project check mk/1.2.8-p18
- version/check mk project check mk/1.2.8-p19
- version/check mk project check mk/1.2.8-p2
- version/check mk project check mk/1.2.8-p20
- version/check mk project check mk/1.2.8-p21
- version/check mk project check mk/1.2.8-p22
- version/check mk project check mk/1.2.8-p23
- version/check mk project check mk/1.2.8-p24
- version/check mk project check mk/1.2.8-p25
- version/check mk project check mk/1.2.8-p3
- version/check mk project check mk/1.2.8-p4
- version/check mk project check mk/1.2.8-p5
- version/check mk project check mk/1.2.8-p6
- version/check mk project check mk/1.2.8-p7
- version/check mk project check mk/1.2.8-p8
- version/check mk project check mk/1.2.8-p9
- version/check mk project check mk/1.4.0
- version/check mk project check mk/1.4.0-b1
- version/check mk project check mk/1.4.0-b2
- version/check mk project check mk/1.4.0-b3
- version/check mk project check mk/1.4.0-b4
- version/check mk project check mk/1.4.0-b5
- version/check mk project check mk/1.4.0-b6
- version/check mk project check mk/1.4.0-b7
- version/check mk project check mk/1.4.0-b8
- version/check mk project check mk/1.4.0-b9
- version/check mk project check mk/1.4.0-p1
- version/check mk project check mk/1.4.0-p2
- version/check mk project check mk/1.4.0-p3
- version/check mk project check mk/1.4.0-p4
- version/check mk project check mk/1.4.0-p5
- version/check mk project check mk/1.4.0-p6
- version/check mk project check mk/1.4.0-p7
- version/check mk project check mk/1.4.0-p8
- version/check mk project check mk/1.4.0-p9