Werk #10242: Fix possible XSS using titles of custom snapins

Name: checkmk
Rating: 4.7 (114 reviews)

Component

User interface

Title

Fix possible XSS using titles of custom snapins

Date

Sep 27, 2019

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.0.0i1	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
1.6.0p3	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT

Authenticated users that are allowed to configure and share custom snapins could inject arbitrary JS code to all users which are permitted to view this snapin.

To the list of all Werks