ID: 4757
Title: Fixed possible reflected XSS in webapi.py
Component: Multisite
Level: 2
Class: Security fix
Version: 1.5.0i1
In the Check_MK 1.4 branch URLs like this could be used for a
reflected XSS attack:
<tt>http://<test host>/<site>/check_mk/webapi.py?_username=<script>alert("XSS")</script>&_secret=AnythingHere</tt>
The error message was interpreted as HTML when it should have been
treated as a plain text error message. This has been fixed now.
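
An added example, not Check_MK's own code: a minimal WSGI handler that reflects `_username` into an error message, first served as HTML (the behaviour described above) and then as plain text or as escaped HTML. The handler names, the error wording and the sample query are assumptions.

```python
# Added illustration, not Check_MK source. Handler names, the error wording
# and the sample query are assumptions made for this example.
import html
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Constructed query string shaped like the URL in the werk (percent-encoded).
SAMPLE_QUERY = "_username=%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E&_secret=AnythingHere"

def auth_error(environ):
    """Error text for a failed login; echoes the caller-supplied _username."""
    username = parse_qs(environ.get("QUERY_STRING", "")).get("_username", [""])[0]
    return "Invalid credentials for user %s" % username

def respond(start_response, content_type, body, extra=()):
    start_response("401 Unauthorized", [("Content-Type", content_type), *extra])
    return [body.encode("utf-8")]

def vulnerable_app(environ, start_response):
    # Before: reflected input is labelled text/html, so the browser parses markup in it.
    return respond(start_response, "text/html; charset=utf-8", auth_error(environ))

def plain_text_app(environ, start_response):
    # After: the error is declared plain text and content sniffing is disabled.
    return respond(start_response, "text/plain; charset=utf-8", auth_error(environ),
                   extra=[("X-Content-Type-Options", "nosniff")])

def escaped_html_app(environ, start_response):
    # Alternative when the message must sit inside an HTML page: escape on output.
    body = "<pre>%s</pre>" % html.escape(auth_error(environ), quote=True)
    return respond(start_response, "text/html; charset=utf-8", body)

def call(app, query_string):
    """Drive a WSGI app in-process and return (headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["QUERY_STRING"] = query_string
    seen = {}
    def start_response(status, headers):
        seen["headers"] = dict(headers)
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return seen["headers"], body

if __name__ == "__main__":
    for app in (vulnerable_app, plain_text_app, escaped_html_app):
        headers, body = call(app, SAMPLE_QUERY)
        print(app.__name__, headers["Content-Type"], body)
```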