Werk #6423: Fixed possible XSS in views with some filters
Component | User interface | ||||||
Title | Fixed possible XSS in views with some filters | ||||||
Date | Aug 2, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Bug Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
It was possible to inject some specific HTML tags (like the a-tag) into the title of views which could be used to make users click on it to execute some arbitrary javascript code.