CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13722 – Checkmk NagVis Reflected Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-13722
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. • https://checkmk.com/werks?version=2.3.0p10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13723 – Checkmk NagVis Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13723
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. • https://checkmk.com/werks?version=2.3.0p10 • CWE-434: Unrestricted Upload of File with Dangerous Type •