Werk #4902: Monitoring history views: Fixed possible XSS when displaying "plugin output"

Component: User interface
Title: Monitoring history views: Fixed possible XSS when displaying "plugin output"
Date: Jun 27, 2017
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:
1.5.0i1: Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
1.4.0p8: Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
1.2.8p25: Checkmk Community, Checkmk Pro, Checkmk Ultimate MT

A possible XSS issue has been fixed in the monitoring history views that display the plugin output of hosts or services. When a host or service problem was acknowledged with HTML code in the acknowledgement comment, that HTML code was not properly escaped when displayed in the "plugin output" column.

Only authenticated users who are permitted to acknowledge host or service problems could trigger this issue.
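
The following is an added example, not Checkmk's own code: a minimal history-row renderer showing the unescaped behaviour this Werk describes next to output-time escaping, with a parser-based check that can serve as a regression test. The field names, function names and sample entries are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed history entries (not real Checkmk data). The second entry
# carries markup in the acknowledgement comment shown as plugin output.
HISTORY = [
    {"time": "2017-06-27 10:00", "type": "SERVICE ALERT",
     "plugin_output": "CRIT - disk 95% full"},
    {"time": "2017-06-27 10:05", "type": "SERVICE ACKNOWLEDGE ALERT",
     "plugin_output": "looking into it <script>alert(1)</script>"},
]
COLUMNS = ("time", "type", "plugin_output")  # hypothetical column names


def render_row_unescaped(entry):
    """'Before' behaviour: values are concatenated into the markup as-is."""
    cells = "".join("<td>%s</td>" % entry[c] for c in COLUMNS)
    return "<tr>%s</tr>" % cells


def render_row_escaped(entry):
    """'After' behaviour: every value is HTML-escaped when it is output."""
    cells = "".join(
        "<td>%s</td>" % html.escape(str(entry[c]), quote=True) for c in COLUMNS
    )
    return "<tr>%s</tr>" % cells


class TagCollector(HTMLParser):
    """Records the element names an HTML parser sees in rendered markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(markup, allowed=("tr", "td")):
    """Return elements in the markup that the row template did not emit."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return [t for t in parser.tags if t not in allowed]
```

Running `unexpected_tags()` over every rendered row in a view test catches any column that reaches the page without escaping, regardless of which input field the markup came from.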