Check_MK Werk 0824: Valuespecs: Fixed several possible HTML injections in valuespecs

23 Jun 2014

ID:          0824
Title:       Valuespecs: Fixed several possible HTML injections in valuespecs
Component:   WATO
Level:       1
Class:       Security Fix
Version:     1.2.5i4

Several HTML injections in valuespecs of different types (mostly used in WATO)
were missing good escaping of values. This has been added to prevent HTML
code injections which could be used for XSS attacks. This only affects WATO
and logged in users which are permitted to use WATO and open the page
(e.g. the list of rules) which displays the values.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Check_MK Werk 0824: Valuespecs: Fixed several possible HTML injections in valuespecs