Check_MK Werk 6516: Fixed stored XSS using alert handler config

30 Aug 2018

ID:          6516
Title:       Fixed stored XSS using alert handler config
Component:   alerts
Level:       1
Class:       Security fix
Version:     1.6.0i1

A user with permission to the alert handler administration could use an alert rule to
store arbitrary javascript code which would then be executed in the context of the
browser
of another user with permission to the alert handler administration when viewing the list
of alert handlers.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Check_MK Werk 6516: Fixed stored XSS using alert handler config