CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-13722: Checkmk NagVis Reflected Cross-site Scripting

Description

The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.

Classification

CVE ID: CVE-2024-13722

Affected Products

Vendor: Checkmk

Product: NagVis

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.33% (scored less or equal to compared to others)

EPSS Date: 2025-03-05 (when was this score calculated)

References

https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt
https://www.nagvis.org/downloads/changelog/1.9.42
https://checkmk.com/werks?version=2.3.0p10

Timeline

2025-02-05 00:46:11 UTC
CVE

Checkmk NagVis Reflected Cross-site Scripting