Werk #6449: Fixed stored XSS using custom host / user attributes
Component | User interface | ||||
Title | Fixed stored XSS using custom host / user attributes | ||||
Date | Aug 14, 2018 | ||||
Level | Trivial Change | ||||
Class | Security Fix | ||||
Compatibility | Compatible - no manual interaction needed | ||||
Checkmk versions & editions |
|
A user with admin privileges could inject arbitrary JS code into custom attributes which could then be executed in the context of other users.