[SBA-ADV-20250729-01] CVE-2025-39663: Checkmk Cross Site Scripting  – Full Disclosure

Posted by SBA Research Security Advisory via Fulldisclosure on Nov 07

# Checkmk Cross Site Scripting #

Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250729-01_Checkmk_Cross_Site_Scripting

## Vulnerability Overview ##

Checkmk in versions before 2.4.0p14 and 2.3.0p39, as well as in branches
2.2.0, 2.1.0 and 2.0.0 is prone to a Stored Cross-Site Scripting (XSS)
vulnerability when used in a distributed monitoring setup. Any connected
remote site can inject JavaScript code in the central…
 – Read More  – Full Disclosure