{"id":"CVE-2020-28919","details":"A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.","modified":"2026-02-24T11:37:06.379320Z","published":"2022-01-15T17:15:08.283Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/check_mk-werks.php?werk_id=11501"},{"type":"ADVISORY","url":"https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"},{"type":"ADVISORY","url":"https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"},{"type":"FIX","url":"https://github.com/tribe29/checkmk/commit/c00f450f884d8a229b7d8ab3f0452ed802a1ae04"},{"type":"FIX","url":"https://github.com/tribe29/checkmk/commit/e7fd8e4c90be490e4293ec91804d00ec01af5ca6"},{"type":"EVIDENCE","url":"https://emacsninja.com/posts/cve-2020-28919-stored-xss-in-checkmk-160p18.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"d5ccd5ecc956e665aca80f3c486f7fa46f409424"}]}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.11i4","v1.1.12","v1.1.12b1","v1.1.12b2","v1.1.13i1","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.3b1","v1.1.4","v1.1.5i0","v1.1.5i1","v1.1.5i2","v1.1.5i3","v1.1.6","v1.1.6b2","v1.1.6b3","v1.1.7i1","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i2","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i6","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b1","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0b5","v1.2.0b6","v1.2.0p1","v1.2.0p2","v1.2.0p3","v1.2.1i1","v1.2.1i2","v1.2.1i3","v1.2.1i4","v1.2.1i5","v1.2.2b1","v1.2.3i1","v1.2.3i2","v1.2.3i3","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.3i7","v1.2.5i1","v1.2.5i2","v1.2.5i3","v1.2.5i4","v1.2.5i5","v1.2.5i6","v1.2.7i1","v1.2.7i2","v1.2.7i3","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0","v1.6.0b1","v1.6.0b10","v1.6.0b11","v1.6.0b2","v1.6.0b3","v1.6.0b4","v1.6.0b5","v1.6.0b6","v1.6.0b7","v1.6.0b8","v1.6.0b9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28919.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}