Werk #11501: Fix possible XSS using titles of views
| Komponente | User interface | ||||
| Titel | Fix possible XSS using titles of views | ||||
| Datum | 20.10.2020 | ||||
| Level | Kleine Änderung | ||||
| Klasse | Sicherheitsfix | ||||
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||||
| Checkmk versions & editions |
|
Authenticated users that are allowed to configure and share custom views could inject arbitrary JS code to all users which are permitted to view this view.