Werk #6423: Fixed possible XSS in views with some filters
Component | User interface |
Title | Fixed possible XSS in views with some filters |
Date | Aug 2, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0p35 1.5.0p1 1.6.0b1 |
Level | Trivial Change |
Class | Bug Fix |
Compatibility | Compatible - no manual interaction needed |
It was possible to inject some specific HTML tags (such as the <a> tag) into the title of views. An injected tag could be used to get users to click on it and thereby execute arbitrary JavaScript code.
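The following is an added example, not Checkmk's code and not the fix shipped with this werk. It assumes a filter value is appended to the view title. All function names, the tag allowlist and the sample input are hypothetical. It shows an unescaped title next to an escaped one, plus a regression check that reports any element or attribute a browser would build from the rendered title.

```python
import html
import re
from html.parser import HTMLParser

# Assumption: titles may keep a few attribute-free formatting tags.
_SAFE_TAGS = re.compile(r"&lt;(/?)(b|i|u|tt)&gt;")


def render_title_unsafe(view_title, filter_value):
    """'Before' form: the filter value reaches the title unescaped."""
    return "<h1>%s: %s</h1>" % (html.escape(view_title), filter_value)


def render_title_safe(view_title, filter_value):
    """Escape the whole title, then re-enable only bare formatting tags."""
    escaped = html.escape("%s: %s" % (view_title, filter_value), quote=True)
    return "<h1>%s</h1>" % _SAFE_TAGS.sub(r"<\1\2>", escaped)


class _TitleAudit(HTMLParser):
    """Records tags outside the allowlist and any tag carrying attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("h1", "b", "i", "u", "tt") or attrs:
            self.findings.append((tag, dict(attrs)))


def audit_title(rendered):
    """Return the unexpected elements found in rendered title markup."""
    parser = _TitleAudit()
    parser.feed(rendered)
    parser.close()
    return parser.findings


# Constructed sample input: a filter value carrying an anchor tag.
SAMPLE = '<a href="javascript:void(0)">details</a> <b>web</b>'

if __name__ == "__main__":
    print(audit_title(render_title_unsafe("Hosts", SAMPLE)))
    print(audit_title(render_title_safe("Hosts", SAMPLE)))
```

Running `audit_title` over rendered titles in a UI test suite catches a regression where a new filter writes its value into the title without escaping.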