Werk #6449: Fixed stored XSS using custom host / user attributes
Komponente | User interface |
Titel | Fixed stored XSS using custom host / user attributes |
Datum | 14.08.2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.5.0p2 1.6.0b1 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
A user with admin privileges could inject arbitrary JS code into custom attributes which could then be executed in the context of other users.