Werk #5427: Fixed different XSS issues triggerd from BI aggregation/rule titles/descriptions
| Komponente | BI | ||||
| Titel | Fixed different XSS issues triggerd from BI aggregation/rule titles/descriptions | ||||
| Datum | 27.10.2017 | ||||
| Level | Kleine Änderung | ||||
| Klasse | Sicherheitsfix | ||||
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||||
| Checkmk versions & editions |
|
Different fields in the BI configuration (titles, ...) could be used to inject JS code into the WATO dialogs and the BI status views. This could be triggered by users with permission to administrate WATO.