Werk #12826: Fix reflected XSS using the on page search
Component | User interface |
Title | Fix reflected XSS using the on page search |
Date | Apr 28, 2021 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.0.0p4 2.1.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
The on page search could be used to trigger a reflected XSS attack. It was possible to execute arbitrary javascript code in the context of the user clicking on the reset button of the on page search.