Download

Werk #2385: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions

Komponente User interface
Titel Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions
Datum 30.06.2015
Checkmk Edition Checkmk Raw (CRE)
Checkmk-Version 1.2.7i3
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

On pages where an authenticated user can trigger an exception which is then displayed to the user as "Internal error" dialog with details about the exception, it was possible for the user to inject javascript code which was executed in the context of the authenticated user.

This has been fixed that javascript/html code which is injected is being escaped correctly.

Zur Liste aller Werks

Überzeugen Sie sich selbst

Testen Sie Checkmk jetzt.

Raw Edition herunterladen Kostenloses Open-Source-Monitoring
Play with Checkmk Checkmk ohne Installation ausprobieren
checkmk_conference_10.png

Das Highlight des Jahres: Vom 11. - 13. Juni 2024 kommt die Checkmk Community in München zusammen.

Register now