Werk #9523: Reflected Cross Site Scripting (XSS)

Component: Firmware
Title: Reflected Cross Site Scripting (XSS)
Date: Apr 4, 2023
Appliance Version: 1.6.4
Level: Trivial Change
Class: Bug Fix
Compatibility: Compatible - no manual interaction needed

Prior to this Werk, an attacker could send malicious links to unsuspecting users in order to inject malicious HTML code into the user's browser.

This vulnerability was identified through a commissioned penetration test conducted by OPTIMAbit (Roman Mueller).

Vulnerability Management: We have rated the issue with a CVSS Score of 6.1 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. We assigned CVE-2023-22309 to this vulnerability.

Changes: This Werk adds escaping to URL parameter keys.
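
The fix class described above, escaping parameter keys as well as values, is sketched here as an added example; it is not the appliance's own code. The function names, the hidden-field rendering and the sample query string are assumptions made for illustration, since the Werk does not say where the keys were reflected.

```python
from html import escape
from urllib.parse import parse_qsl

# Constructed sample query string: the markup sits in the parameter *key*,
# not the value. Decoded key: x"><b>injected</b>
SAMPLE_QUERY = "x%22%3E%3Cb%3Einjected%3C%2Fb%3E=1&mode=view"


def hidden_fields_values_only(query: str) -> str:
    """'Before' pattern (hypothetical): values are escaped, keys are trusted."""
    return "\n".join(
        f'<input type="hidden" name="{key}" value="{escape(value, quote=True)}">'
        for key, value in parse_qsl(query, keep_blank_values=True)
    )


def hidden_fields_escaped(query: str) -> str:
    """Hardened pattern: keys and values are both escaped for attribute context."""
    return "\n".join(
        f'<input type="hidden" name="{escape(key, quote=True)}" '
        f'value="{escape(value, quote=True)}">'
        for key, value in parse_qsl(query, keep_blank_values=True)
    )


if __name__ == "__main__":
    print("values only:")
    print(hidden_fields_values_only(SAMPLE_QUERY))
    print("keys and values:")
    print(hidden_fields_escaped(SAMPLE_QUERY))
```

In the first output the key closes the `name` attribute and the `<b>` element reaches the page as markup; in the second it stays inert text inside the attribute.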
