Branch: refs/heads/1.6.0
Home:
https://github.com/tribe29/checkmk
Commit: a9b6d36f2a1bf22c2fbe03f71edd3dc846c97525
https://github.com/tribe29/checkmk/commit/a9b6d36f2a1bf22c2fbe03f71edd3dc84…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-03-02 (Tue, 02 Mar 2021)
Changed paths:
A .werks/12280
M cmk/gui/plugins/wato/utils/__init__.py
M cmk/gui/watolib/host_attributes.py
Log Message:
-----------
12280 SEC Fix XSS on host / folder properties page
A user with permissions to edit tag groups could trigger a stored XSS issue on
the host and folder properties pages. This may lead to javascript code being
executed in the browser of another user which is able to access the host and
folder properties pages.
Change-Id: I6b5ed2716b297e5e8be7d621754a3459bdb05265