CVE-2017-11507 -- check-mk-agentID: oval:org.secpod.oval:def:1901682 | Date: (C)2019-03-22 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
A cross site scripting vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 14.04 |
Ubuntu 18.04 |