CVE-2026-20915

High CVSS: 8.5

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

Vendor

Checkmk

Product

Checkmk

CWE

CWE-79

Yayın Tarihi

2026-03-31 15:16:11

Güncelleme

2026-04-02 12:06:00

Source Identifier

security@checkmk.com

KEV Date Added

Kategoriler

CWE-79 Checkmk HIGH Checkmk 2026

Referanslar

https://checkmk.com/werk/19526

Benzer Kayıtlar

High

CVE-2026-33276

Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to c…

Medium

CVE-2026-2859

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows…

Medium

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows…

Medium

CVE-2026-3103

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions

High

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker…

Low

CVE-2025-65000

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk