Werk #5427: Fixed different XSS issues triggered from BI aggregation/rule titles/descriptions
Component | BI |
Title | Fixed different XSS issues triggered from BI aggregation/rule titles/descriptions |
Date | 27.10.2017 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 1.4.0p17 1.5.0i1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
Various fields in the BI configuration (titles, ...) could be used to inject JavaScript code into the WATO dialogs and the BI status views. This could be triggered by users with permission to administer WATO.