Check_MK < 1.4.0p6 webapi.py XSS
Medium Nessus Plugin ID 101089
Synopsis
An IT monitoring application running on the remote host is affected by a cross-site scripting vulnerability.

Description
The version of Check_MK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Check_MK version 1.4.0p6 or later.
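
The failure mode named in the description, error text interpreted as HTML when it should be plain text, shown as an added Python example beside two hardened forms. This is not Check_MK source code: the dispatcher, the action names and the sample parameter are hypothetical and constructed for illustration.

```python
# Added illustration. Generic handler, NOT Check_MK's webapi.py.
import html


def render_error_vulnerable(message):
    """'Before' pattern: error text goes out unescaped in an HTML response."""
    headers = [("Content-Type", "text/html; charset=utf-8")]
    return headers, ("ERROR: %s" % message).encode("utf-8")


def render_error_hardened(message):
    """'After' pattern: error text is declared and delivered as plain text."""
    headers = [
        ("Content-Type", "text/plain; charset=utf-8"),
        # Stops browsers from sniffing the body and rendering it as HTML anyway.
        ("X-Content-Type-Options", "nosniff"),
    ]
    return headers, ("ERROR: %s" % message).encode("utf-8")


def render_error_html_escaped(message):
    """Alternative when the response must stay HTML: escape before embedding."""
    headers = [("Content-Type", "text/html; charset=utf-8")]
    body = "<pre>ERROR: %s</pre>" % html.escape(message, quote=True)
    return headers, body.encode("utf-8")


def handle_api_call(params, render_error):
    """Hypothetical dispatcher: request-derived text ends up in the error message."""
    known_actions = {"list_items", "get_item"}  # hypothetical action names
    action = params.get("action", "")
    if action not in known_actions:
        return render_error("Unknown API action %s" % action)
    return [("Content-Type", "application/json")], b'{"result_code": 0}'


def is_markup_inert(headers, body, marker):
    """True if `marker` cannot be parsed as markup: non-HTML type, or escaped."""
    content_type = dict(headers).get("Content-Type", "")
    if not content_type.startswith("text/html"):
        return True
    return marker.encode("utf-8") not in body


# Constructed sample input: a request parameter that carries markup.
SAMPLE = {"action": "<img src=x>"}
```

A regression test for a fix of this kind can assert both properties at once: the error response's `Content-Type` and the absence of raw request markup in the body.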