Werk #12826: Fix reflected XSS using the on page search
Component | User interface |
Titel | Fix reflected XSS using the on page search |
Date | 28.04.2021 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 2.0.0p4 2.1.0b1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
The on page search could be used to trigger a reflected XSS attack. It was possible to execute arbitrary JavaScript code in the context of the user clicking on the reset button of the on page search.