Werk #2387: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters
| Komponente | User interface |
| Titel | Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters |
| Datum | 30.06.2015 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk-Version | 1.2.7i3 |
| Level | Kleine Änderung |
| Klasse | Sicherheitsfix |
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
On some pages, like for example the host group management page of WATO, it was possible to inject user provided HTML/Javascript code into the confirm messages. An attacker could use this to let an authenticated user open a prepared URL for privilege escalation within the GUI.
