Werk #4902: Monitoring history views: Fixed possible XSS when displaying "plugin output"
| Component | User interface | ||||||
| Title | Monitoring history views: Fixed possible XSS when displaying "plugin output" | ||||||
| Date | Jun 27, 2017 | ||||||
| Level | Trivial Change | ||||||
| Class | Security Fix | ||||||
| Compatibility | Compatible - no manual interaction needed | ||||||
| Checkmk versions & editions |
|
A possible XSS issue has been fixed in the monitoring history views displaying the plugin output of hosts or services. In case a host or service problem is being acknowledged with HTML code in the acknowlegement comment, this HTML code was not being escaped properly when being displayed in the "plugin output" column.
Only authenticated users that are permitted to acknowledge host or service problems could trigger this issue.