[checkmk-commits] [tribe29/checkmk] 5ba439: 11747 SEC Fix stored XSS triggered by received sys...

3 Dec 2020

  Branch: refs/heads/1.6.0
  Home:   https://github.com/tribe29/checkmk
  Commit: 5ba43974636684161e07ac5652afc5b2fe8815e8
      https://github.com/tribe29/checkmk/commit/5ba43974636684161e07ac5652afc5b2f…
  Author: Lars Michelsen &lt;lm(a)tribe29.com&gt;
  Date:   2020-12-03 (Thu, 03 Dec 2020)

  Changed paths:
    A .werks/11747
    M cmk/gui/plugins/views/mkeventd.py

  Log Message:
  -----------
  11747 SEC Fix stored XSS triggered by received syslog messages

You are only affected by this issue in case you use the Event Console.

An attacker could send messages to the Event Console, e.g. via syslog,
containing arbitrary HTML code. This was executed in the browser context of any
user viewing the event in the Checkmk user interface.

The information is now properly escaped in a generic way to prevent these
issues.

Change-Id: I5d4f3594e69de7980aa474b8e3b9aa94d7342bb2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] [tribe29/checkmk] 5ba439: 11747 SEC Fix stored XSS triggered by received sys...