|Title||Fixed possible reflected XSS using custom bookmarks|
|Checkmk Edition||Checkmk Raw Edition (CRE)|
|Compatibility||Compatible - no manual intervention required|
For example, the user's session cookies can be read and reported to the attackers, who could then hijack the user's sessions with the application.
This issue has been fixed by limiting absolute URLs in bookmarks to the URL schemes https and http.
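The scheme restriction described above, sketched as an added example (not Checkmk's own code): a hypothetical `is_safe_bookmark_url` helper that accepts relative URLs and absolute `http`/`https` URLs and rejects everything else. The sample URLs are constructed, and requiring a host on absolute URLs is an assumption of this sketch.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # the two schemes named in the fix

# Browsers ignore leading/trailing C0 control characters and spaces,
# and drop tab/CR/LF anywhere in a URL before parsing it.
_EDGE_CHARS = "".join(map(chr, range(0x21)))
_DROPPED = str.maketrans("", "", "\t\r\n")


def is_safe_bookmark_url(url: str) -> bool:
    """Hypothetical check: allow relative URLs and absolute http(s) URLs only."""
    # Normalise the way a browser would, so the scheme we inspect is the
    # scheme the browser will act on (older urlsplit versions do not do this).
    cleaned = url.strip(_EDGE_CHARS).translate(_DROPPED)
    if not cleaned:
        return False
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return False
    if parts.scheme:
        # Absolute URL: allowlist the scheme (urlsplit lowercases it) and
        # require a host (assumption of this sketch).
        return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)
    # No scheme: a relative URL, resolved against the page's own http(s) origin.
    return True


if __name__ == "__main__":
    # Constructed sample bookmark URLs, not taken from the advisory.
    samples = [
        "https://example.com/docs",
        "view.py?view_name=allhosts",
        "javascript:alert(1)",
        "JaVaScRiPt:alert(1)",
        " \njavascript:alert(1)",
        "java\tscript:alert(1)",
        "data:text/html,x",
    ]
    for sample in samples:
        verdict = "accept" if is_safe_bookmark_url(sample) else "reject"
        print(f"{verdict}  {sample!r}")
```

An allowlist is used rather than a blocklist of known-bad schemes, so any scheme other than the two named in the fix is rejected by default.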