Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36563

EPSS 7.99% · P92
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-36563

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CheckMK management web console 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CheckMK management web console是一个应用软件。基于Asciidoctor和HTML上自动提供docs.checkmk.com。 CheckMK management web console存在跨站脚本漏洞,该漏洞允许攻击者可利用该漏洞使用HTML内容在设备上打开后门,并由浏览器解释(如JavaScript或其他客户端脚本),当用户访问应用程序的某些特定部分时,XSS有效负载将被触发。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-36563

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/Edgarloyola/CVE-2021-36563POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-36563

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-07-26 · 37 CVEs total

CVE-2020-23239Textpattern CMS跨站脚本漏洞
CVE-2020-18170Abloy Key Manager 安全漏洞
CVE-2020-18171TechSmith Snagit 安全漏洞
CVE-2020-18172Trezor Bridge 代码注入漏洞
CVE-2020-18173AgileBits 1Password 代码问题漏洞
CVE-2020-18174AutoHotkey 安全漏洞
CVE-2020-23234LavaLite 跨站脚本漏洞
CVE-2020-23238Evolution CMS 跨站脚本漏洞
CVE-2020-17952Twothink 安全漏洞
CVE-2020-18169TechSmith SnagIT 安全漏洞
CVE-2020-23240CMS Made Simple 跨站脚本漏洞
CVE-2020-23241CMS Made Simple 跨站脚本漏洞
CVE-2020-23242NavigateCMS和NavigateCMS 跨站脚本漏洞
CVE-2020-23243NavigateCMS 跨站脚本漏洞
CVE-2021-37555TX9 Automatic Food Dispenser 授权问题漏洞
CVE-2021-37576Linux kernel 缓冲区错误漏洞
CVE-2020-18428tinyexr commit 输入验证错误漏洞
CVE-2020-18430tinyexr 输入验证错误漏洞
CVE-2021-25804VideoLAN VLC media player 代码问题漏洞
CVE-2020-126813xlogic 3xLogic Infinias eIDC32 信任管理问题漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-36563

No comments yet

Leave a comment