Download

Werk #824: Valuespecs: Fixed several possible HTML injections in valuespecs

Component Setup
Title Valuespecs: Fixed several possible HTML injections in valuespecs
Date Jun 23, 2014
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 1.2.5i4
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed

Several HTML injections in valuespecs of different types (mostly used in WATO) were missing good escaping of values. This has been added to prevent HTML code injections which could be used for XSS attacks. This only affects WATO and logged in users which are permitted to use WATO and open the page (e.g. the list of rules) which displays the values.

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing
Checkmk Conference #10

Join us for the highlight of the year when the Checkmk Community gets together in Munich from June 11-13.

Register now