Branch: refs/heads/master Home: https://github.com/Checkmk/checkmk Commit: 9fa035ed8582091470907bb08fef5437591b1826 https://github.com/Checkmk/checkmk/commit/9fa035ed8582091470907bb08fef54375… Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com> Date: 2024-08-26 (Mon, 26 Aug 2024) Changed paths: A .werks/17026.md Log Message: ----------- 17026 SEC Fix XSS in view page with SLA column Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability. **Affected Versions**: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 (EOL) **Indicators of Compromise**: Cloning the view page of untrusted users who have injected HTML into the SLA titles. **Vulnerability Management**: We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`. Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58 To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications