Werk #6423: Fixed possible XSS in views with some filters
Component | User interface |
Title | Fixed possible XSS in views with some filters |
Date | 02.08.2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 1.4.0p35 1.5.0p1 1.6.0b1 |
Level | Minor change |
Class | Bugfix |
Compatibility | Compatible - no manual intervention required |
It was possible to inject certain HTML tags (such as the a tag) into the title of views. Such an injected tag could be used to get users to click on it and thereby execute arbitrary JavaScript code.
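An added illustration, not Checkmk's code or its actual fix: one way to render a view title that contains filter text, assuming the renderer escapes all input and then re-permits only plain a tags whose href uses http or https. The function names, the scheme allowlist and the sample inputs are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption for this example: only absolute http(s) links may stay clickable.
SAFE_SCHEMES = {"http", "https"}

# An anchor as it looks after html.escape(): <a href="...">text</a>
_ESCAPED_LINK = re.compile(r"&lt;a href=&quot;(.*?)&quot;&gt;(.*?)&lt;/a&gt;", re.S)


def _has_safe_scheme(escaped_href):
    href = html.unescape(escaped_href)
    # Browsers strip tabs, newlines and leading control characters from a URL,
    # so remove them before parsing to catch values like "java\tscript:".
    cleaned = re.sub(r"[\x00-\x20]", "", href)
    try:
        return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False


def render_title_unescaped(view_name, filter_text):
    """Vulnerable pattern: filter text reaches the markup as-is."""
    return "<h1>%s: %s</h1>" % (view_name, filter_text)


def render_title(view_name, filter_text):
    """Escape everything, then re-enable only links with a safe scheme."""
    escaped = html.escape("%s: %s" % (view_name, filter_text), quote=True)

    def relink(match):
        href, text = match.group(1), match.group(2)
        if _has_safe_scheme(href):
            return '<a href="%s">%s</a>' % (href, text)
        return match.group(0)  # stays escaped and is shown as inert text

    return "<h1>%s</h1>" % _ESCAPED_LINK.sub(relink, escaped)


# Constructed sample inputs, standing in for a filter value shown in a title.
SCRIPT_LINK = '<a href="javascript:alert(1)">details</a>'
WEB_LINK = '<a href="https://example.com/">details</a>'

if __name__ == "__main__":
    print(render_title_unescaped("Hosts", SCRIPT_LINK))
    print(render_title("Hosts", SCRIPT_LINK))
    print(render_title("Hosts", WEB_LINK))
```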