Werk #8881: Fix possible XSS issue on "confirm failed notifications" page
Component | User interface |
Title | Fix possible XSS issue on "confirm failed notifications" page |
Date | Sep 4, 2019 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.6.0b9 2.0.0i1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
Using a manipulated notification script or notification destination system it was possible to inject javascript code into the "confirm failed notifications" page.
To prevent users from this potential issue, you could remove the permission for viewing the failed notifications from the users roles.