Published: 24 February 2022
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.
fix 2.0.0p20: https://github.com/tribe29/checkmk/commit/03152e756198c4663d1f9880ba86c015712d9f18 fix 1.6.0p28: https://github.com/tribe29/checkmk/commit/b8d7b671786cb3261d3721aae39e77e69debd1a5
CVSS 3 base score: 5.4