Werk #6449: Fixed stored XSS using custom host / user attributes
Component | User interface |
Title | Fixed stored XSS using custom host / user attributes |
Date | Aug 14, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.5.0p2 1.6.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
A user with admin privileges could inject arbitrary JS code into custom attributes which could then be executed in the context of other users.