back to website

Werk #2389: Fixed XSS using the _body_class parameter of views

Component User interface
Title Fixed XSS using the _body_class parameter of views
Date Jun 30, 2015
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.2.7i3 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

It was possible to use the _body_class parameter of the status GUI views to inject HTML/Javascript code into the pages.

The _body_class parameter, which was only used for internal purposes, has totally been removed now.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now