Werk #12762: Fix several XSS issues

Name: checkmk
Rating: 4.7 (114 reviews)

Component

User interface

Title

Fix several XSS issues

Date

May 7, 2021

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.1.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p4	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p25	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

JavaScript was executed in the rule overview if a script was entered in the Text to match of EC rules.
JavaScript was executed if scripts were entered in the LDAP server and failover server and "Save & Test" was clicked
JavaScript was executed in the notification rules if sripts were entered in the the title and topic of aux tags and tags.

FEED-6031