Michał Kaczmarek

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 2.5.0 through 2.5.0b1 **Description** A stored cross-site scripting issue exists in Checkmk. An authenticated user with the ability to create hosts or services can inject malicious JavaScript code. This code will then execute in the browsers of other users when they utilize the Unified Search feature. The vulnerability allows for arbitrary JavaScript execution. **Recommendations** Update to version 2.5.0b2 or later.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 2.4.0 through 2.4.0p23 Checkmk versions 2.3.0 through 2.3.0p43 Checkmk version 2.2.0 **Description** Improper permission enforcement allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the `/agent-receiver/register existing` API endpoint, potentially leading to information disclosure. **Recommendations** Checkmk versions 2.4.0 through 2.4.0p23 should be updated to version 2.4.0p23 or later. Checkmk versions 2.3.0 through 2.3.0p43 should be updated to version 2.3.0p43 or later. Checkmk version 2.2.0 is end-of-life and should be upgraded to a supported version.