Werk #11501: Fix possible XSS using titles of views
| Component | User interface | ||||
| Title | Fix possible XSS using titles of views | ||||
| Date | Oct 20, 2020 | ||||
| Level | Trivial Change | ||||
| Class | Security Fix | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
Authenticated users that are allowed to configure and share custom views could inject arbitrary JS code to all users which are permitted to view this view.