CVE-2014-2329

Published: Aug 31, 2015Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.

Affected (2)

Products: Check Mk Project: Check Mk

Check Mk Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Check Mk Project Check Mk	Up to 1.2.2
Check Mk Project Check Mk	Up to 1.2.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/archive/1/531594

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531656

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531594

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/531656

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.