CVE-2021-36563 | CheckMK WATO cross site scripting
A vulnerability classified as problematic was found in CheckMK up to 2.0.0. Affected by this vulnerability is some unknown functionality of the component WATO. The manipulation of the argument various with an unknown input leads to a cross-site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. As an impact it is known to affect integrity. An attacker might be able to inject arbitrary HTML and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors. The summary by CVE is:
The weakness was presented 07/27/2021. The advisory is shared at checkmk.com. This vulnerability is known as CVE-2021-36563 since 07/12/2021. The exploitation appears to be easy. The attack can be launched remotely. A single authentication is required for exploitation. It requires some kind of user interaction by the victim. Technical details are known, but no exploit is available. The MITRE ATT&CK project uses the attack technique T1059.007 for this issue.
No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.5
Status: Not defined