Werk #824: Valuespecs: Fixed several possible HTML injections in valuespecs

Komponente WATO
Titel Valuespecs: Fixed several possible HTML injections in valuespecs
Datum 23.06.2014
Checkmk-Editon Checkmk Raw (CRE)
Checkmk-Version 1.2.5i4
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

Several HTML injections in valuespecs of different types (mostly used in WATO) were missing good escaping of values. This has been added to prevent HTML code injections which could be used for XSS attacks. This only affects WATO and logged in users which are permitted to use WATO and open the page (e.g. the list of rules) which displays the values.

Zur Liste aller Werks