Impact
A stored cross‑site scripting vulnerability exists in Checkmk’s global settings change log. An administrator with permission to modify global settings can insert malicious HTML or JavaScript into log entries. When other users view the Activate Changes page or Audit log, the injected code runs in their browsers.
Affected Systems
The vulnerability affects Checkmk from Checkmk GmbH. Versions prior to 2.5.0p5, prior to 2.4.0p31, prior to 2.3.0p48, and any 2.2.0 release are impacted.
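A version check against the ranges listed above, added here as an example (it is not code from Checkmk or from this advisory). The version-string shape it parses (`pN` patch, `bN` beta, `iN` innovation, dated daily builds, a three-letter edition suffix), the treatment of pre-release builds as prior to any patch release, and the sample inventory are assumptions.

```python
import re

# Patch level that carries the fix, per branch, as listed above.
# None: the page lists no fixed release (every 2.2.0 release is affected).
FIXED_PATCH = {"2.5.0": 5, "2.4.0": 31, "2.3.0": 48, "2.2.0": None}

# Assumed shape: <branch>[pN | bN | iN | -YYYY.MM.DD][.<edition>]
VERSION_RE = re.compile(
    r"^(\d+\.\d+\.\d+)(?:([pbi])(\d+)|-(\d{4}\.\d{2}\.\d{2}))?(?:\.[a-z]{3})?$"
)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"              # unparseable: review by hand
    branch, kind, num, daily = m.groups()
    if branch not in FIXED_PATCH:
        return "unknown"              # branch not covered by this page
    fixed = FIXED_PATCH[branch]
    if fixed is None:
        return "affected"             # any release on this branch
    if daily:
        return "unknown"              # dated build: no patch level to compare
    if kind == "p":
        return "fixed" if int(num) >= fixed else "affected"
    return "affected"                 # plain, beta, innovation builds precede pN


def audit(inventory: dict) -> dict:
    """Map each site name to its status."""
    return {site: classify(ver) for site, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (site names and versions are made up).
    sample = {
        "mon-prod": "2.4.0p30.cee",
        "mon-lab": "2.5.0p5",
        "mon-legacy": "2.2.0p41.cre",
        "mon-nightly": "2.4.0-2025.01.15",
    }
    for site, status in audit(sample).items():
        print(f"{site:12} {sample[site]:20} {status}")
```

Sites reported as `unknown` need a manual look, since the page gives no way to order them against a fixed patch level.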
Risk and Exploitability
The CVSS score is 4.8, representing moderate severity. EPSS data is unavailable, and the vulnerability is not listed in CISA KEV. Exploitation requires an administrator account able to modify global settings, so the attacker must either escalate to that privilege first or be an insider who already holds it. With the required permissions, the flaw is easy to exploit by inserting markup into change-log entries.