Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: 39491f6799277518c84d45ab266538b226cbec7a
https://github.com/tribe29/checkmk/commit/39491f6799277518c84d45ab266538b22…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-03-02 (Tue, 02 Mar 2021)
Changed paths:
A .werks/12280
M cmk/gui/plugins/wato/utils/__init__.py
M cmk/gui/watolib/host_attributes.py
Log Message:
-----------
12280 SEC Fix XSS on host / folder properties page
A user with permissions to edit tag groups could trigger a stored XSS issue on
the host and folder properties pages. This may lead to javascript code being
executed in the browser of another user which is able to access the host and
folder properties pages.
Change-Id: I6b5ed2716b297e5e8be7d621754a3459bdb05265