In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-23T10:52:06

Updated: 2024-08-03T04:13:56.692Z

Reserved: 2022-02-07T00:00:00

Link: CVE-2022-24566

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-02-24T15:15:29.553

Modified: 2024-07-23T19:37:16.630

Link: CVE-2022-24566

cve-icon Redhat

No data.