CVE-2026-20915 in Checkmkالمعلومات

الملخص

بحسب MITRE • 31/03/2026

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Checkmk

حجز

23/03/2026

إفشاء

31/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-354409

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

2.4 (VulDB)

EPSS

0.00032

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-20915
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-20915
CVE Details	https://www.cvedetails.com/cve/CVE-2026-20915/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!