Impact
A stored cross-site scripting flaw exists in the URL dashboard widget of Checkmk. A user who holds dashboard editing privileges can configure the widget with a URL that uses a dangerous URI scheme such as javascript:; when another user later views that dashboard, the script embedded in the URL executes in the viewer's browser. The defect is classified as CWE-79 (improper neutralization of input during web page generation) and can lead to session hijacking, credential theft, or delivery of further malware to affected clients.
Affected Systems
The vulnerability affects Checkmk products from Checkmk GmbH. Within each maintained release line, versions lower than 2.5.0p5, 2.4.0p31, and 2.3.0p48 are impacted, as are all 2.2.0 releases. The affected component is the Checkmk monitoring platform's user-editable dashboards.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.5, indicating high severity. No EPSS score is available, and the defect is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires that the attacker already possesses legitimate dashboard editing rights; with those rights the attacker can store a malicious URL in a widget, and the script executes only when another user opens the dashboard. Because the attack is confined to the client side, it does not directly compromise the Checkmk server, but it can compromise the security of every user who has access to the affected dashboards.
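The control that closes this class of defect is an allowlist on the URL scheme, applied before a widget URL is stored or rendered, followed by attribute-safe encoding at output time. The following is an added example illustrating that check; it is hypothetical code, not taken from Checkmk, and the function names and sample URLs are assumed.

```python
import html
import re
from urllib.parse import urlsplit

# Schemes a URL dashboard widget may legitimately embed or link to.
ALLOWED_SCHEMES = {"http", "https"}
# Browsers drop ASCII control characters and whitespace before parsing the
# scheme, so "jav\tascript:" reaches the parser as "javascript:"; normalise
# the same way before deciding, or the allowlist can be bypassed.
_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")


def validate_widget_url(raw: str) -> str:
    """Return the normalised URL if it is safe to embed, else raise ValueError.

    Accepts absolute http(s) URLs and same-origin relative paths. Rejects
    javascript:, data:, vbscript: and every other scheme, plus the
    protocol-relative forms (//host, \\host) that would leave the origin.
    """
    if not isinstance(raw, str) or not raw.strip():
        raise ValueError("empty URL")
    cleaned = _CTRL_WS.sub("", raw)
    parts = urlsplit(cleaned)            # urlsplit lower-cases the scheme
    if parts.scheme:
        if parts.scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"disallowed URL scheme: {parts.scheme!r}")
        return cleaned
    if re.match(r"[\\/]{2}", cleaned):   # browsers treat "\\" like "//"
        raise ValueError("protocol-relative URLs are not allowed")
    return cleaned


def is_safe_widget_url(raw: str) -> bool:
    """Boolean wrapper for use in form validation (hypothetical helper)."""
    try:
        validate_widget_url(raw)
        return True
    except ValueError:
        return False


def render_widget_link(raw: str, label: str) -> str:
    """Second layer: scheme allowlist first, then attribute-safe encoding."""
    url = validate_widget_url(raw)
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


if __name__ == "__main__":
    # Constructed sample inputs, as a dashboard editor might submit them.
    for candidate in ["https://monitoring.example/check_mk/dashboard.py?name=main",
                      "/check_mk/view.py?view_name=allhosts", "javascript:alert(1)",
                      "  jav\tascript:alert(1)", "data:text/html,<b>x</b>", "//evil.example/"]:
        print(f"{candidate!r:60} -> {is_safe_widget_url(candidate)}")
```

A server-side check like this must run on the stored value, not only in the browser form, since the stored URL is what every later viewer receives.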
OpenCVE Enrichment