Werk #11501: Fix possible XSS using titles of views

Name: checkmk
Rating: 4.7 (114 reviews)

Component

User interface

Title

Fix possible XSS using titles of views

Date

Oct 20, 2020

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.0.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0i1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p19	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Authenticated users that are allowed to configure and share custom views could inject arbitrary JS code to all users which are permitted to view this view.

To the list of all Werks