Module: check_mk
Branch: master
Commit: 489f235273865a05dfd0ee12c825575ddb6ef20b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=489f235273865a…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Aug 30 16:47:31 2018 +0200
6516 SEC Fixed stored XSS using alert handler config
A user with permission to the alert handler administration could use an alert rule to
store arbitrary javascript code which would then be executed in the context of the browser
of another user with permission to the alert handler administration when viewing the list
of alert handlers.
Change-Id: Iac9e1891ea9a0166f7347d6e7349c3f610b190e6
---
.werks/6516 | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/.werks/6516 b/.werks/6516
new file mode 100644
index 0000000..ecbabc5
--- /dev/null
+++ b/.werks/6516
@@ -0,0 +1,14 @@
+Title: Fixed stored XSS using alert handler config
+Level: 1
+Component: alerts
+Class: security
+Compatible: compat
+Edition: cee
+State: unknown
+Version: 1.6.0i1
+Date: 1535639159
+
+A user with permission to the alert handler administration could use an alert rule to
+store arbitrary javascript code which would then be executed in the context of the
browser
+of another user with permission to the alert handler administration when viewing the
list
+of alert handlers.
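Review bot: the description at the end of .werks/6516 states the problem but not the remedy. It does not say which part of the alert rule was affected or how the alert handler list now treats that value, so an administrator reading the werk cannot tell what changed or whether rules stored before the upgrade need to be reviewed. Suggest adding a closing sentence that names the fix and gives upgrade guidance. The diffstat also lists only .werks/6516 (1 file changed, 14 insertions), so the code change this werk documents is not part of this commit and should be referenced or submitted alongside it for review. "State: unknown" is worth confirming before this goes out.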