- Description
- The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
- Source
- bbf0bd87-ece2-41be-b873-96928ee8fab9
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- bbf0bd87-ece2-41be-b873-96928ee8fab9
- CWE-79
- Hype score
- Not currently trending
CVE-2024-13722: KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting https://t.co/Mk5ZUn6dta CVE-2024-13723: KL-001-2025-002: Checkmk NagVis Remote Code Execution https://t.co/zVCKX32Rjx Attacker with administrative privileges is able to upload a malicious PHP file
@oss_security
5 Feb 2025
196 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13722 The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript i… https://t.co/Dvt2Eze4bz
@CVEnew
4 Feb 2025
344 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes