← Back

CVE-2017-11507

nvd nist
Published: Dec 11, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Affected (56)

Check Mk Project
1 product
Check Mk
Configuration A
56 vulnerable
Vulnerable SoftwareAffected Versions
Check Mk Project
Check Mk
Version 1.2.8
Check Mk
Version 1.2.8 b10
Check Mk
Version 1.2.8 b11
Check Mk
Version 1.2.8 b1
Check Mk
Version 1.2.8 b2
Check Mk
Version 1.2.8 b3
Check Mk
Version 1.2.8 b4
Check Mk
Version 1.2.8 b5
Check Mk
Version 1.2.8 b6
Check Mk
Version 1.2.8 b7
Check Mk
Version 1.2.8 b8
Check Mk
Version 1.2.8 b9
Check Mk
Version 1.2.8 p10
Check Mk
Version 1.2.8 p11
Check Mk
Version 1.2.8 p12
Check Mk
Version 1.2.8 p13
Check Mk
Version 1.2.8 p14
Check Mk
Version 1.2.8 p15
Check Mk
Version 1.2.8 p16
Check Mk
Version 1.2.8 p17
Check Mk
Version 1.2.8 p18
Check Mk
Version 1.2.8 p19
Check Mk
Version 1.2.8 p1
Check Mk
Version 1.2.8 p20
Check Mk
Version 1.2.8 p21
Check Mk
Version 1.2.8 p22
Check Mk
Version 1.2.8 p23
Check Mk
Version 1.2.8 p24
Check Mk
Version 1.2.8 p25
Check Mk
Version 1.2.8 p2
Check Mk
Version 1.2.8 p3
Check Mk
Version 1.2.8 p4
Check Mk
Version 1.2.8 p5
Check Mk
Version 1.2.8 p6
Check Mk
Version 1.2.8 p7
Check Mk
Version 1.2.8 p8
Check Mk
Version 1.2.8 p9
Check Mk
Version 1.4.0
Check Mk
Version 1.4.0 b1
Check Mk
Version 1.4.0 b2
Check Mk
Version 1.4.0 b3
Check Mk
Version 1.4.0 b4
Check Mk
Version 1.4.0 b5
Check Mk
Version 1.4.0 b6
Check Mk
Version 1.4.0 b7
Check Mk
Version 1.4.0 b8
Check Mk
Version 1.4.0 b9
Check Mk
Version 1.4.0 p1
Check Mk
Version 1.4.0 p2
Check Mk
Version 1.4.0 p3
Check Mk
Version 1.4.0 p4
Check Mk
Version 1.4.0 p5
Check Mk
Version 1.4.0 p6
Check Mk
Version 1.4.0 p7
Check Mk
Version 1.4.0 p8
Check Mk
Version 1.4.0 p9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: vulnreport@tenable.com
Vendor Advisory
Source: vulnreport@tenable.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.