Werk #10242: Fix possible XSS using titles of custom snapins
Komponente | User interface |
Titel | Fix possible XSS using titles of custom snapins |
Datum | 27.09.2019 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.6.0p3 2.0.0i1 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
Authenticated users that are allowed to configure and share custom snapins could inject arbitrary JS code to all users which are permitted to view this snapin.