Werk #4757: Fixed possible reflected XSS in webapi.py
Component | User interface |
Title | Fixed possible reflected XSS in webapi.py |
Date | Jun 14, 2017 |
Checkmk Editon | Checkmk Raw (CRE) |
Checkmk Version | 1.5.0i1 |
Level | Prominent Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
In the Check_MK 1.4 branch URLs like this could be used for a reflected XSS attack:
http://
The error message was interpreted as HTML while it should be a plain text error message. This has been fixed now.