back to website

Werk #2390: Fixed possible XSS issue on views

Component User interface
Title Fixed possible XSS issue on views
Date Jun 30, 2015
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.2.7i3 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

It was possible to use the view_name variable to inject HTML/Javascript code into the status GUI views.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now