{"id":"CVE-2022-24565","details":"Checkmk \u003c=2.0.0p19 Fixed in 2.0.0p20 and Checkmk \u003c=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications.","modified":"2026-04-12T04:41:23.718665Z","published":"2022-02-24T15:15:29.513Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/13716"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"0"},{"last_affected":"d5ccd5ecc956e665aca80f3c486f7fa46f409424"},{"last_affected":"04813a13c6522da99028a99cb99505757808497b"},{"last_affected":"515532647e2ed9711109eda47bba60ab9ef44d77"},{"last_affected":"2a2ec677a31f9cfa5c00692b64654031c3da2a08"},{"last_affected":"23c0d61b54a817b4c0a1a23f301b4e1c2833a7b1"},{"last_affected":"6e04fbc04d3ce031ee3b91dc51fe61df1215ab22"},{"last_affected":"ba29b0f10d16be2f8513ecd6566f53d508f9fe02"},{"last_affected":"2c7990e82af4fff30379472838eb5b9ef0ebfa7a"},{"last_affected":"53649df3184e97b930e8d1dbf7a248e6cb28c21c"},{"last_affected":"bef7153bb05de7a9335a5534edf4d49484c26b98"},{"last_affected":"c2173ab296c8df943f2b899d2b9beb6a00bab5bd"},{"last_affected":"d212d3a2692868ea916c37841afa65f4fa07d998"},{"last_affected":"9d5d264e9fcd0da62d13dbf6decbf7b84ccd86f9"},{"last_affected":"7ce1924cca467dbddd1a98aaf537e78b5505e477"},{"last_affected":"6c8700b14ba358e91632103a4270b7c49a54e2b8"},{"last_affected":"8c60c2922866c21bc86d05f16af4852e18164297"},{"last_affected":"314add736614b9b4a9100ae2294b75a72b01c6aa"},{"last_affected":"e323962c9081894ea40c7e0880a5de578fe2d2bf"},{"last_affected":"2b920acb7fcd43e4a9c7fc07cd3456c7abea7939"},{"last_affected":"2851c0500dd714163a8203e58d371771da1191a4"},{"last_affected":"8c4e64ce3431d4a91f0ba7deae056041453a2be1"},{"last_affected":"24fb378d9e2a8d40488264f1a3eb24a0f41f63c5"},{"last_affected":"5f21e6a9fa9986548ee691c60b6e17fbb274f790"},{"last_affected":"a08e390df0ae711bbee6fbdd0d32da1452918ae3"},{"last_affected":"a21f44d5ed8ad8c40784e6c68faf597d7e45a949"},{"last_affected":"6d2dbf92cfa5a81748474d25c363580149b0f2f1"},{"last_affected":"715a3481d11141310265e2144e29271bfb4e6ef2"},{"last_affected":"3097f9c57877fe7651d8c2a46e648a28cf920ed6"},{"last_affected":"81ef39b47302619a5b4ff268a9cd0576b75e7bcb"},{"last_affected":"a95de6e2902e809b0fe81105b56977603d9fb240"},{"last_affected":"3a98f74ec242670d49ac7fec02d99fe98473500a"},{"last_affected":"b23e1322930e36d532c7a4d339221681debad59b"},{"last_affected":"df41d340f4846d8c56fc59dc66aa75eea1982267"},{"last_affected":"684d45dd10dc01d4c8832a57143e01f99648935c"},{"last_affected":"732c7bf20e0494dab8adf1bcd33050c12152953a"},{"last_affected":"a7e983abbae3f5e5e76597fcf514f27496c6b8af"},{"last_affected":"9a6a31d750f2ce84318fb060edc2ce773e6ff40f"},{"last_affected":"3e6d79677aeebabb6ba079026a06736b5ce6ece1"},{"last_affected":"6eb3b5bc4955858e31cdfb55d54dd73596fda235"},{"last_affected":"8b5aced3bb5522033e47d88084ca781a8564a988"},{"last_affected":"1072c2466449c89ab730e2d8edd9b0115f2866fe"},{"last_affected":"484ded389cf62414abc10f16894abed01da8e4d2"}],"database_specific":{"cpe":["cpe:2.3:a:checkmk:checkmk:1.6.0:-:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b10:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b12:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b3:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b4:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b5:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:b9:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p10:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p11:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p12:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p13:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p14:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p15:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p16:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p19:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p20:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p21:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p22:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p23:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p24:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p25:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p26:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:1.6.0:p27:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:-:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b2:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b3:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b4:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b5:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b6:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b7:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:b8:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:i1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p1:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p10:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p11:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p12:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p13:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p14:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p15:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p16:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p17:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p18:*:*:*:*:*:*","cpe:2.3:a:checkmk:checkmk:2.0.0:p19:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.6.0-NA"},{"last_affected":"1.6.0-b1"},{"last_affected":"1.6.0-b10"},{"last_affected":"1.6.0-b12"},{"last_affected":"1.6.0-b3"},{"last_affected":"1.6.0-b4"},{"last_affected":"1.6.0-b5"},{"last_affected":"1.6.0-b9"},{"last_affected":"1.6.0-p1"},{"last_affected":"1.6.0-p10"},{"last_affected":"1.6.0-p11"},{"last_affected":"1.6.0-p12"},{"last_affected":"1.6.0-p13"},{"last_affected":"1.6.0-p14"},{"last_affected":"1.6.0-p15"},{"last_affected":"1.6.0-p16"},{"last_affected":"1.6.0-p19"},{"last_affected":"1.6.0-p2"},{"last_affected":"1.6.0-p20"},{"last_affected":"1.6.0-p21"},{"last_affected":"1.6.0-p22"},{"last_affected":"1.6.0-p23"},{"last_affected":"1.6.0-p24"},{"last_affected":"1.6.0-p25"},{"last_affected":"1.6.0-p26"},{"last_affected":"1.6.0-p27"},{"last_affected":"2.0.0-NA"},{"last_affected":"2.0.0-b1"},{"last_affected":"2.0.0-b2"},{"last_affected":"2.0.0-b3"},{"last_affected":"2.0.0-b4"},{"last_affected":"2.0.0-b5"},{"last_affected":"2.0.0-b6"},{"last_affected":"2.0.0-b7"},{"last_affected":"2.0.0-b8"},{"last_affected":"2.0.0-i1"},{"last_affected":"2.0.0-p1"},{"last_affected":"2.0.0-p10"},{"last_affected":"2.0.0-p11"},{"last_affected":"2.0.0-p12"},{"last_affected":"2.0.0-p13"},{"last_affected":"2.0.0-p14"},{"last_affected":"2.0.0-p15"},{"last_affected":"2.0.0-p16"},{"last_affected":"2.0.0-p17"},{"last_affected":"2.0.0-p18"},{"last_affected":"2.0.0-p19"}],"source":"CPE_FIELD"}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.5i1","v1.2.5i6","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0","v1.6.0b1","v1.6.0b10","v1.6.0b11","v1.6.0b2","v1.6.0b3","v1.6.0b4","v1.6.0b5","v1.6.0b6","v1.6.0b7","v1.6.0b8","v1.6.0b9","v1.6.0p1","v1.6.0p10","v1.6.0p11","v1.6.0p12","v1.6.0p13","v1.6.0p14","v1.6.0p15","v1.6.0p16","v1.6.0p17","v1.6.0p18","v1.6.0p19","v1.6.0p2","v1.6.0p20","v1.6.0p21","v1.6.0p22","v1.6.0p23","v1.6.0p24","v1.6.0p25","v1.6.0p26","v1.6.0p27","v1.6.0p3","v1.6.0p4","v1.6.0p5","v1.6.0p6","v1.6.0p7","v1.6.0p8","v1.6.0p9","v2.0.0","v2.0.0b1","v2.0.0b2","v2.0.0b3","v2.0.0b4","v2.0.0b5","v2.0.0b6","v2.0.0b7","v2.0.0i1","v2.0.0p1","v2.0.0p10","v2.0.0p11","v2.0.0p12","v2.0.0p13","v2.0.0p14","v2.0.0p15","v2.0.0p16","v2.0.0p17","v2.0.0p18","v2.0.0p19","v2.0.0p3","v2.0.0p4","v2.0.0p5","v2.0.0p6","v2.0.0p7","v2.0.0p8","v2.0.0p9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24565.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}