Checkmk Stored Cross-Site Scripting Vulnerability in Unified Search

Vulnerability

A stored cross-site scripting vulnerability has been identified in Checkmk version 2.5.0 (beta) prior to 2.5.0b2. It allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users who use the Unified Search feature. The issue arises because host and service names were not properly sanitized before being displayed in search results, enabling the injection of malicious scripts.
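The class of bug described above, shown as an added example that is not Checkmk source code: a search-result renderer that inserts stored names verbatim, the same renderer with output encoding, and an audit helper that flags stored names containing HTML metacharacters. All function names and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Checkmk source code. All names are hypothetical.

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Single-pass replacement, so an existing "&" is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so any tags or quotes it contains become part of the page for every viewer.
function renderResultUnsafe(result) {
  return `<li class="result" title="${result.name}">${result.name}</li>`;
}

// Hardened pattern: encode at output time, for both text and attribute use.
function renderResultSafe(result) {
  const name = escapeHtml(result.name);
  return `<li class="result" title="${name}">${name}</li>`;
}

// Audit helper: list stored names that contain HTML metacharacters so they
// can be reviewed; ordinary host and service names rarely need them.
function findSuspiciousNames(results) {
  return results.filter((r) => /[<>"'&]/.test(r.name)).map((r) => r.name);
}

// Constructed sample data: two ordinary names and two carrying markup.
const SAMPLE_RESULTS = [
  { kind: "host", name: "web01.example.internal" },
  { kind: "service", name: "CPU load" },
  { kind: "host", name: "<script>alert(1)</script>" },
  { kind: "service", name: 'x" onmouseover="alert(1)' },
];

for (const r of SAMPLE_RESULTS) {
  console.log(renderResultSafe(r));
}
console.log("names to review:", findSuspiciousNames(SAMPLE_RESULTS));
```

Encoding at output time protects every viewer regardless of what is already stored, while the audit helper identifies entries worth reviewing after an upgrade.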

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the search results.

Remediation

Users can upgrade to Checkmk version 2.5.0b2 or 2.6.0b1 to address this vulnerability.

Added: Mar 31, 2026, 3:30 PM
Updated: Mar 31, 2026, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 1.7
exploitability: 5.0
remediation: 7.7
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.