Catch up on the latest product updates, best practices, and expert insights from the Checkmk Conference #12 – Watch the livestream recordings now
back to website

Werk #6449: Fixed stored XSS using custom host / user attributes

Component User interface
Title Fixed stored XSS using custom host / user attributes
Date Aug 14, 2018
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.6.0b1 Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
1.5.0p2 Checkmk Community, Checkmk Pro, Checkmk Ultimate MT

A user with admin privileges could inject arbitrary JS code into custom attributes which could then be executed in the context of other users.

To the list of all Werks