Werk #6612: Fixed possible reflected XSS using back URLs in view editor
Component | User interface | ||||||
Title | Fixed possible reflected XSS using back URLs in view editor | ||||||
Date | Sep 14, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
The parameter back of the following requests is vulnerable to reflected XSS. This vulnerability affects the create/modify view page and requires at least guest privileges. The victim has to click on the back button to trigger the injected code.