Werk #2389: Fixed XSS using the _body_class parameter of views
Component | User interface |
Title | Fixed XSS using the _body_class parameter of views |
Date | Jun 30, 2015 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.2.7i3 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
It was possible to use the _body_class parameter of the status GUI views to inject HTML/Javascript code into the pages.
The _body_class parameter, which was only used for internal purposes, has totally been removed now.