Download

Werk #5427: Fixed different XSS issues triggerd from BI aggregation/rule titles/descriptions

Component BI
Title Fixed different XSS issues triggerd from BI aggregation/rule titles/descriptions
Date Oct 27, 2017
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.5.0i1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0p17 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Different fields in the BI configuration (titles, ...) could be used to inject JS code into the WATO dialogs and the BI status views. This could be triggered by users with permission to administrate WATO.

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing