back to website

Werk #14260: Fix XSS vulnerability in dashboard elements

Component Setup
Title Fix XSS vulnerability in dashboard elements
Date Jun 1, 2022
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.0.0p26 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

A persistent XSS attack was possible by injecting javascript payloads in strings displayed on various dashboards (e.g., service description).

To the list of all Werks