CVE-2018-18551

Name of the Vulnerable Software and Affected Versions ServersCheck Monitoring Software versions prior to 14.3.4

Description The issue concerns the presence of Persistent and Reflected XSS in the software. This can be exploited via several parameters, including status, type, device, location, group, and query in various HTML files such as sensors.html, report.html, group delete.html, and report save.html.

Recommendations For versions prior to 14.3.4, update to version 14.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters status, type, device, location, group, and query in the affected HTML files until a patch is available. Avoid using these parameters in the "sensors.html", "report.html", "group delete.html", and "report save.html" files until the issue is resolved.