Werk #12826: Fix reflected XSS using the on page search

Name: checkmk
Rating: 4.7 (114 reviews)

Component

User interface

Title

Fix reflected XSS using the on page search

Date

Apr 28, 2021

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.1.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p4	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

The on page search could be used to trigger a reflected XSS attack. It was possible to execute arbitrary javascript code in the context of the user clicking on the reset button of the on page search.

To the list of all Werks