Werk #8881: Fix possible XSS issue on "confirm failed notifications" page

Component: User interface
Title: Fix possible XSS issue on "confirm failed notifications" page
Date: Sep 4, 2019
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:
2.0.0i1: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b9: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Using a manipulated notification script or notification destination system, it was possible to inject JavaScript code into the "confirm failed notifications" page.

To protect users from this potential issue, you could remove the permission for viewing the failed notifications from the users' roles.
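
The werk does not show the code change. The following is an added illustration, not Checkmk's code, of the class of problem described: text returned by a notification script or destination system must be HTML-escaped before it is placed in a page. The record type, field names and function names are hypothetical, and the sample entry is constructed.

```python
import html
from dataclasses import dataclass

@dataclass
class FailedNotification:
    # Hypothetical record; field names are assumptions, not Checkmk's data model.
    time: str
    contact: str
    plugin: str
    output: str  # text returned by the notification script or destination system

# Constructed sample: the output field carries markup instead of plain text.
SAMPLE = FailedNotification(
    time="2019-09-04 10:15:00",
    contact="alice",
    plugin="mail",
    output="delivery failed <script>alert(1)</script>",
)

def render_row_unsafe(n: FailedNotification) -> str:
    # Before: fields are interpolated into HTML verbatim, so markup in
    # n.output becomes part of the page.
    return (f"<tr><td>{n.time}</td><td>{n.contact}</td>"
            f"<td>{n.plugin}</td><td>{n.output}</td></tr>")

def render_row_safe(n: FailedNotification) -> str:
    # After: every field is treated as untrusted text and HTML-escaped,
    # including the ones that usually look harmless.
    cells = (n.time, n.contact, n.plugin, n.output)
    return "<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>"

def needs_review(n: FailedNotification) -> bool:
    # Audit helper: flag stored entries whose text changes under escaping,
    # i.e. contains characters that are significant in HTML.
    return any(html.escape(c) != c for c in (n.contact, n.plugin, n.output))

if __name__ == "__main__":
    print(render_row_unsafe(SAMPLE))
    print(render_row_safe(SAMPLE))
    print("needs review:", needs_review(SAMPLE))
```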
