CVE-2021-40906

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-40906
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40906.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40906
Downstream
Published
2022-03-25T23:15:08.287Z
Modified
2026-04-10T04:38:07.277736Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.

References

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type
GIT
Repo
https://github.com/checkmk/checkmk
Events
Introduced
adf02f46678361844d794effb70eeca27c268548
Fixed
d5ccd5ecc956e665aca80f3c486f7fa46f409424
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d5ccd5ecc956e665aca80f3c486f7fa46f409424
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04813a13c6522da99028a99cb99505757808497b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
515532647e2ed9711109eda47bba60ab9ef44d77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2a2ec677a31f9cfa5c00692b64654031c3da2a08
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
23c0d61b54a817b4c0a1a23f301b4e1c2833a7b1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6e04fbc04d3ce031ee3b91dc51fe61df1215ab22
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ba29b0f10d16be2f8513ecd6566f53d508f9fe02
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2c7990e82af4fff30379472838eb5b9ef0ebfa7a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04813a13c6522da99028a99cb99505757808497b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
515532647e2ed9711109eda47bba60ab9ef44d77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53649df3184e97b930e8d1dbf7a248e6cb28c21c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2a2ec677a31f9cfa5c00692b64654031c3da2a08
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bef7153bb05de7a9335a5534edf4d49484c26b98
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c2173ab296c8df943f2b899d2b9beb6a00bab5bd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d212d3a2692868ea916c37841afa65f4fa07d998
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d5d264e9fcd0da62d13dbf6decbf7b84ccd86f9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ce1924cca467dbddd1a98aaf537e78b5505e477
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6c8700b14ba358e91632103a4270b7c49a54e2b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8c60c2922866c21bc86d05f16af4852e18164297
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
314add736614b9b4a9100ae2294b75a72b01c6aa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e323962c9081894ea40c7e0880a5de578fe2d2bf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2b920acb7fcd43e4a9c7fc07cd3456c7abea7939
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2851c0500dd714163a8203e58d371771da1191a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8c4e64ce3431d4a91f0ba7deae056041453a2be1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
23c0d61b54a817b4c0a1a23f301b4e1c2833a7b1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6e04fbc04d3ce031ee3b91dc51fe61df1215ab22
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ba29b0f10d16be2f8513ecd6566f53d508f9fe02
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fc1eb156035f9941aae400258ef96e77b9c2bef9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf11a87326ca17bc321064280763dede1febda7f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
370fedb12335d97dfdec344e4b15bbb489c72b20
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2c7990e82af4fff30379472838eb5b9ef0ebfa7a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
515532647e2ed9711109eda47bba60ab9ef44d77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53649df3184e97b930e8d1dbf7a248e6cb28c21c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
515532647e2ed9711109eda47bba60ab9ef44d77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f4b77018749689779d96b5ae77966cbda916dc52
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
604cfaf085d561ecef8e0326187d66bb63b97714
Database specific 
{
    "versions": [
        {
            "introduced": "1.5.0"
        },
        {
            "fixed": "1.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-b9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p21"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p22"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0-p9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0b10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0b11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0p10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0p17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0p18"
        }
    ]
}

Affected versions

1.*
1.1.0beta17
v1.*
v1.1.0
v1.1.10
v1.1.10b1
v1.1.10b2
v1.1.11i1
v1.1.11i2
v1.1.11i3
v1.1.13i2
v1.1.13i3
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.6b2
v1.1.7i2
v1.1.7i3
v1.1.7i4
v1.1.7i5
v1.1.8
v1.1.8b1
v1.1.8b2
v1.1.8b3
v1.1.9i1
v1.1.9i3
v1.1.9i4
v1.1.9i5
v1.1.9i7
v1.1.9i8
v1.1.9i9
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0p1
v1.2.1i5
v1.2.3i4
v1.2.3i5
v1.2.3i6
v1.2.5i1
v1.2.5i6
v1.4.0i1
v1.4.0i2
v1.4.0i3
v1.5.0i1
v1.5.0i2
v1.5.0i3
v1.6.0
v1.6.0b1
v1.6.0b10
v1.6.0b11
v1.6.0b2
v1.6.0b3
v1.6.0b4
v1.6.0b5
v1.6.0b6
v1.6.0b7
v1.6.0b8
v1.6.0b9
v1.6.0p1
v1.6.0p10
v1.6.0p11
v1.6.0p12
v1.6.0p13
v1.6.0p14
v1.6.0p15
v1.6.0p16
v1.6.0p17
v1.6.0p18
v1.6.0p19
v1.6.0p2
v1.6.0p20
v1.6.0p21
v1.6.0p22
v1.6.0p23
v1.6.0p24
v1.6.0p25
v1.6.0p3
v1.6.0p4
v1.6.0p5
v1.6.0p6
v1.6.0p7
v1.6.0p8
v1.6.0p9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40906.json"