Werk #2389: Fixed XSS using the _body_class parameter of views

Component: GUI
Title: Fixed XSS using the _body_class parameter of views
Date: Jun 30, 2015
Checkmk Edition: Checkmk Raw (CRE)
Checkmk Version: 1.2.7i3
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed

It was possible to use the _body_class parameter of the status GUI views to inject HTML/JavaScript code into the pages.

The _body_class parameter, which was only used for internal purposes, has now been removed entirely.
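
The pattern behind this Werk, as an added example that is not Checkmk's own code: a request parameter copied into the body tag's class attribute without escaping, next to the fix the Werk describes (the parameter is no longer read) and an allow-list alternative for cases where a caller-supplied class is still needed. The function names, the default class "main", the body_class parameter of the alternative, and the probe value are assumptions constructed for illustration.

```python
import html
import re

# Hypothetical stand-ins for a view renderer; names are illustrative, not Checkmk's.

def render_body_unsafe(params):
    """Pre-fix pattern: the request parameter is copied into the attribute verbatim."""
    body_class = params.get("_body_class", "main")
    return '<body class="%s">' % body_class


def render_body_removed(params):
    """Pattern matching the fix in the Werk: the parameter is not read at all."""
    return '<body class="main">'


_CLASS_TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")


def render_body_validated(params):
    """Alternative: keep only tokens that look like CSS class names, then escape."""
    raw = params.get("body_class", "")
    tokens = [t for t in raw.split() if _CLASS_TOKEN.fullmatch(t)]
    classes = " ".join(["main"] + tokens)
    return '<body class="%s">' % html.escape(classes, quote=True)


def breaks_out_of_attribute(markup):
    """True if the output is anything other than one well-formed <body class="..."> tag."""
    return re.fullmatch(r'<body class="[^"<>]*">', markup) is None


# Constructed probe: closes the attribute and the tag, then adds harmless markup.
PROBE = {
    "_body_class": 'x"><b>injected</b>',
    "body_class": 'wide x"><b>injected</b>',
}

if __name__ == "__main__":
    for fn in (render_body_unsafe, render_body_removed, render_body_validated):
        out = fn(PROBE)
        print(fn.__name__, breaks_out_of_attribute(out), out)
```

The breaks_out_of_attribute check can be reused as a regression test against any template that reflects a request parameter into an attribute.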