ID: 6614
Title: Fixed reflected XSS affecting agent updater AJAX calls
Component: agents
Level: 1
Class: Security fix
Version: 1.6.0i1
When the hostname of a monitored agent is known, this could be used to exploit
a reflected XSS vulnerability. Every unauthenticated or authenticated user can
issue a request like this. The victim does not have to be authorized on the
Check_MK application
Show replies by date