Download

Werk #13148: Fix stored XSS in description fields

Component User interface
Title Fix stored XSS in description fields
Date Aug 19, 2021
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.0.0p10 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Users with the permission to add/edit items in the custmize menu (views, topics, etc.) could trigger stored XSS in the overview page.

FEED-6322

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing