Werk #6612: Fixed possible reflected XSS using back URLs in view editor

Component: User interface
Title: Fixed possible reflected XSS using back URLs in view editor
Date: Sep 14, 2018
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions
1.6.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.5.0p5 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0p36 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

The parameter back of the following requests is vulnerable to reflected XSS. This vulnerability affects the create/modify view page and requires at least guest privileges. The victim has to click on the back button to trigger the injected code.
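
One way to handle a back URL parameter defensively, as an added example (this is not Checkmk's code and not the fix shipped with this Werk): accept only same-site relative URLs and HTML-escape the value when it is written into the link. The function names, the `index.py` fallback and the sample values are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit

DEFAULT_BACK = "index.py"  # assumed fallback page, not taken from the Werk


def safe_back_url(value, default=DEFAULT_BACK):
    """Return value only if it is a same-site relative URL, else default."""
    if not value:
        return default
    # Browsers drop tabs/newlines inside URLs and treat "\" like "/",
    # so refuse such input up front instead of trying to normalise it.
    if "\\" in value or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:
        return default
    # A scheme (javascript:, data:, https:) or a host (//other.example)
    # means the link would run script or leave the application.
    if parts.scheme or parts.netloc:
        return default
    return value


def render_back_button(value):
    """Build the back link; escaping keeps the value inside the href attribute."""
    href = html.escape(safe_back_url(value), quote=True)
    return '<a class="back" href="%s">Back</a>' % href


if __name__ == "__main__":
    # Constructed sample values for the back parameter.
    samples = [
        "edit_views.py?mode=list",
        "javascript:alert(1)",
        "java\tscript:alert(1)",
        "//other.example/",
        'x.py"><script>',
    ]
    for sample in samples:
        print(repr(sample), "->", render_back_button(sample))
```

Validation and escaping cover different cases: the scheme check stops script URLs that only fire on click, while the escaping stops a value from breaking out of the attribute.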
