Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CheckMK Raw Edition 跨站脚本漏洞
Vulnerability Description
tribe29 CheckMK Raw Edition是德国tribe29公司的一个全面灵活的 IT 监控系统。 CheckMK Raw Edition 存在安全漏洞,该漏洞允许攻击者在设备上打开带有 HTML 内容并由浏览器解释(例如 JavaScript 或其他客户端脚本)的后门,或者窃取之前通过网络中的人进行身份验证的用户的会话 cookie。
CVSS Information
N/A
Vulnerability Type
N/A