Branch: refs/heads/1.6.0
Home:
https://github.com/tribe29/checkmk
Commit: e52ba16e39d21c2d81fd03be98f864ac89b396f4
https://github.com/tribe29/checkmk/commit/e52ba16e39d21c2d81fd03be98f864ac8…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2019-09-04 (Wed, 04 Sep 2019)
Changed paths:
A .werks/8881
M cmk/gui/notifications.py
Log Message:
-----------
8881 SEC Fix possible XSS issue on "confirm failed notifications" page
Using a manipulated notification script or notification destination system it
was possible to inject javascript code into the "confirm failed notifications"
page.
To prevent users from this potential issue, you could remove the permission for
viewing the failed notifications from the users roles.
Change-Id: I07f84a8a7a577602055fab37b07cd162978ce7d4