ID: 5632
Title: Fixed XSS when rendering values of dropdown choices
Component: Multisite
Level: 1
Class: Security fix
Version: 1.5.0i3
When using the WATO configuration it was possible to create e.g.
a service level definition with javascript code in it's alias. When
this definition was configured in a rule of the ruleset
"Service Level of Hosts", the javascript code could be executed in the
browsers context of the user viewing the rule.
The insertion of the javascript code is only possible for authenticated
users with the permission to configure Check_MK.
Show replies by date