CVE-2026-20915
Stored cross-site scripting in Pending Changes sidebar
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.
| CWE | CWE-79 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for checkmk gmbh checkmk
Be the first to know when new unknown vulnerabilities affecting checkmk gmbh checkmk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Checkmk GmbH / Checkmk
2.5.0b1 < 2.5.0b2