Werk #12826: Fix reflected XSS using the on page search

Name: checkmk
Rating: 4.7 (114 reviews)

Component

User interface

Title

Fix reflected XSS using the on page search

Date

Apr 28, 2021

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.1.0b1	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
2.0.0p4	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT

The on page search could be used to trigger a reflected XSS attack. It was possible to execute arbitrary javascript code in the context of the user clicking on the reset button of the on page search.

To the list of all Werks