Werk #11501: Fix possible XSS using titles of views
Component | User interface |
Title | Fix possible XSS using titles of views |
Date | Oct 20, 2020 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.0.0i1 1.6.0p19 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
Authenticated users that are allowed to configure and share custom views could inject arbitrary JS code to all users which are permitted to view this view.