{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T08:03:21.815","vulnerabilities":[{"cve":{"id":"CVE-2020-28919","sourceIdentifier":"cve@mitre.org","published":"2022-01-15T17:15:08.283","lastModified":"2024-11-21T05:23:17.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title."},{"lang":"es","value":"Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en Checkmk versiones 1.6.0x anteriores a 1.6.0p19, permite a un atacante remoto autenticado inyectar JavaScript arbitrario por medio de una URL en el título de una vista"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*","matchCriteriaId":"5D63367A-3B90-462E-B6AD-1CB5721FD45E"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*","matchCriteriaId":"E5E2E954-B3C3-4CC0-B2C8-0E2BEEC93016"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*","matchCriteriaId":"1638594A-84F1-44F6-BB30-D4CC73ECDA38"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*","matchCriteriaId":"7B2757BF-E3B7-487A-8929-0208D3B0D3CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*","matchCriteriaId":"F01E79D2-EFA4-4A7E-A286-3E86F52B429D"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*","matchCriteriaId":"D12A6070-0542-4293-AE13-85D4E81E1672"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*","matchCriteriaId":"6AF633FE-DE7C-4548-9ED2-880E915FC33C"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*","matchCriteriaId":"F15190EF-E3F5-4AD1-B748-C0E63C8CB741"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*","matchCriteriaId":"30F84B89-7EC6-44E6-A164-4C170379D55C"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*","matchCriteriaId":"DDA94D2F-F27C-4DF6-84AE-8ED1BBC7F61E"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*","matchCriteriaId":"71CF8EFD-17F6-4D9A-961A-4B949A6C8B61"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*","matchCriteriaId":"B04DC2A8-CF05-4FB2-AE2F-AE07943B998D"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*","matchCriteriaId":"1F3BECA6-983C-436E-A635-4E1FB9080E56"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*","matchCriteriaId":"51A9A2B4-3693-490A-94E2-64E1DB795646"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*","matchCriteriaId":"C14AB385-8A9F-46FA-A1C5-4A4A45C1B7F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*","matchCriteriaId":"EC41CC5F-F088-4E65-B076-35665F0F6C7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p17:*:*:*:*:*:*","matchCriteriaId":"D599652E-9F70-4F9E-B8E9-99AB09EE851B"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p18:*:*:*:*:*:*","matchCriteriaId":"6DABDE38-A3AF-4DD2-928A-8B3A0AA054A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*","matchCriteriaId":"D49B1D63-8FDD-45FD-99F0-AA9E4FBCCB00"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p3:*:*:*:*:*:*","matchCriteriaId":"9CCE5845-1B77-4E97-B508-41400F4E1F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p4:*:*:*:*:*:*","matchCriteriaId":"3FCED94F-7683-40FE-B511-F1F49CDD1F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p5:*:*:*:*:*:*","matchCriteriaId":"0C4E70EC-3D46-40CE-AD59-597EFD721014"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p6:*:*:*:*:*:*","matchCriteriaId":"12E695A8-9A1E-4D7A-AB3B-AAC2CF777773"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p7:*:*:*:*:*:*","matchCriteriaId":"653632A8-E700-404A-ADB2-B3A50253ECB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p8:*:*:*:*:*:*","matchCriteriaId":"60733789-DDA3-4819-A9F1-70B76AC715CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:checkmk:checkmk:1.6.0:p9:*:*:*:*:*:*","matchCriteriaId":"D90DBA66-EF97-4CE9-AD4C-3A82F70D2250"}]}]}],"references":[{"url":"https://checkmk.com/check_mk-werks.php?werk_id=11501","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://checkmk.com/check_mk-werks.php?werk_id=11501","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}