Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: c61b2802efdc104219501fe2fc472bd42798219d https://github.com/tribe29/checkmk/commit/c61b2802efdc104219501fe2fc472bd42… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- Add tests to confirm XSS issue Change-Id: I88f4fd54dcb525aca313303ec1f004f4f5822eef Commit: ab9e24c89f4ec553a423ff71aedde4a675cdd468 https://github.com/tribe29/checkmk/commit/ab9e24c89f4ec553a423ff71aedde4a67… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12564 M cmk/gui/htmllib.py M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- 12564 SEC Fix possible stored XSS issue when uploading backup keys Uploading backup keys could trigger a XSS issue which could lead to execution of arbitrary javascript code in the context of the user currently accessing the setup GUI. CMK-7152 Change-Id: I384976cb2216a0a9da336b45b26e2e3da450d52c Compare: https://github.com/tribe29/checkmk/compare/6b60d12d81ff...ab9e24c89f4e