Download

Werk #2390: Fixed possible XSS issue on views

Component User interface
Title Fixed possible XSS issue on views
Date Jun 30, 2015
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.2.7i3 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

It was possible to use the view_name variable to inject HTML/Javascript code into the status GUI views.

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing