[checkmk-commits] [tribe29/checkmk] a9b6d3: 12280 SEC Fix XSS on host / folder properties page

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: a9b6d36f2a1bf22c2fbe03f71edd3dc846c97525 https://github.com/tribe29/checkmk/commit/a9b6d36f2a1bf22c2fbe03f71edd3dc84… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-03-02 (Tue, 02 Mar 2021) Changed paths: A .werks/12280 M cmk/gui/plugins/wato/utils/__init__.py M cmk/gui/watolib/host_attributes.py Log Message: ----------- 12280 SEC Fix XSS on host / folder properties page A user with permissions to edit tag groups could trigger a stored XSS issue on the host and folder properties pages. This may lead to javascript code being executed in the browser of another user which is able to access the host and folder properties pages. Change-Id: I6b5ed2716b297e5e8be7d621754a3459bdb05265