Werk #12826: Fix reflected XSS using the on page search

Komponente User interface
Titel Fix reflected XSS using the on page search
Datum 28.04.2021
Checkmk Edition Checkmk Raw (CRE)
Checkmk-Version 2.0.0p4 2.1.0b1
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

The on page search could be used to trigger a reflected XSS attack. It was possible to execute arbitrary javascript code in the context of the user clicking on the reset button of the on page search.

Zur Liste aller Werks