Werk #5654: Fixed XSS on the site management page
Component | User interface | ||||
Title | Fixed XSS on the site management page | ||||
Date | Jan 24, 2018 | ||||
Level | Trivial Change | ||||
Class | Security Fix | ||||
Compatibility | Compatible - no manual interaction needed | ||||
Checkmk versions & editions |
|
When using the WATO configuration it was possible to create a site on the distributed monitoring page which uses with javascript code in it's alias. When this site was later displayed in the site tables, the javascript code could be executed in the browsers context of the user viewing the table.
The insertion of the javascript code is only possible for authenticated users with the permission to configure Check_MK sites.