Check_MK Werk 6612: Fixed possible reflected XSS using back URLs in view editor

18 Sep 2018

ID:          6612
Title:       Fixed possible reflected XSS using back URLs in view editor
Component:   Multisite
Level:       1
Class:       Security fix
Version:     1.6.0i1

The parameter back of the following requests is vulnerable to reflected XSS.
This vulnerability affects the create/modify view page and requires at least
guest privileges. The victim has to click on the back button to trigger the
injected code.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Check_MK Werk 6612: Fixed possible reflected XSS using back URLs in view editor