Werk #6613: Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls
Component | User interface | ||||||
Title | Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls | ||||||
Date | Sep 14, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
Multiple parameters of several snapin AJAX calls were vulnerable to reflected XSS. The speedometer is accessible to all users with at least monitoring privileges.