Werk #6423: Fixed possible XSS in views with some filters

Component User interface
Title Fixed possible XSS in views with some filters
Date Aug 2, 2018
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 1.4.0p35 1.5.0p1 1.6.0b1
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed

It was possible to inject some specific HTML tags (like the a-tag) into the title of views which could be used to make users click on it to execute some arbitrary javascript code.

To the list of all Werks