Werk #2389: Fixed XSS using the _body_class parameter of views
| Component | User interface |
| Title | Fixed XSS using the _body_class parameter of views |
| Date | Jun 30, 2015 |
| Level | Trivial Change |
| Class | Security Fix |
| Compatibility | Compatible - no manual interaction needed |
| Checkmk versions & editions | |
It was possible to use the _body_class parameter of the status GUI views to inject HTML/JavaScript code into the pages.
The _body_class parameter, which was only used for internal purposes, has now been removed entirely.