Werk #2389: Fixed XSS using the _body_class parameter of views
Component | User interface |
Title | Fixed XSS using the _body_class parameter of views |
Date | 30.06.2015 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 1.2.7i3 |
Level | Trivial change |
Class | Security fix |
Compatibility | Compatible - no manual interaction needed |
It was possible to use the _body_class parameter of the status GUI views to inject HTML/JavaScript code into the pages.
The _body_class parameter, which was only used for internal purposes, has now been removed entirely.
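The class of bug described above, as an added example that is not Checkmk's own code: a request parameter copied verbatim into the `class` attribute of `<body>`, next to a form that ignores the request parameter and sets the class server-side. The function names, the default class `main` and the sample request value are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical rendering helpers; Checkmk's real view code is not shown on this page.

def render_body_vulnerable(request_vars):
    """Before: the _body_class request parameter lands unescaped in the attribute."""
    body_class = request_vars.get("_body_class", "main")
    return '<body class="%s">' % body_class

def render_body_fixed(request_vars, body_class="main"):
    """After: the request parameter is no longer read at all. The class is chosen
    by server code and still escaped for an attribute context as defence in depth."""
    return '<body class="%s">' % html.escape(body_class, quote=True)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Record each start tag with the sorted names of its attributes.
        self.tags.append((tag, sorted(name for name, _ in attrs)))

def parsed_tags(markup):
    """Parse markup the way a browser would tokenize it and list tags/attributes.
    Any attribute other than 'class' on <body> means the value broke out."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

# Constructed request value that closes the attribute and adds a second one.
SAMPLE_REQUEST = {"_body_class": 'x" onload="alert(1)'}

if __name__ == "__main__":
    for render in (render_body_vulnerable, render_body_fixed):
        markup = render(SAMPLE_REQUEST)
        print(render.__name__, markup, parsed_tags(markup))
```

Parsing the rendered markup and asserting on the attribute list, as `parsed_tags` does, is a usable regression check for any template that writes request data into an attribute.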