Module: check_mk
Branch: master
Commit: 5012f460af181f9792419de59426082a77d0b16f
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5012f460af181f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jun 30 10:19:55 2015 +0200
Updated werk text
---
.werks/2387 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.werks/2387 b/.werks/2387
index 834c9a7..dd0c0ab 100644
--- a/.werks/2387
+++ b/.werks/2387
@@ -9,4 +9,5 @@ Date: 1435652277
On some pages, like for example the host group management page of WATO, it was possible
to inject user provided HTML/Javascript code into the confirm messages. An attacker
could
-use this to let an authenticated user open a prepared URL for privilege escalation.
+use this to let an authenticated user open a prepared URL for privilege escalation
within
+the GUI.