Headline
CVE-2020-28919: Fix possible XSS using titles of views
A stored cross-site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
Component: User interface
Title: Fix possible XSS using titles of views
Date: Oct 20, 2020
Checkmk Edition: Checkmk Raw (CRE)
Checkmk Version: 1.6.0p19, 2.0.0i1
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Authenticated users who are allowed to configure and share custom views could inject arbitrary JS code that is executed for all users who are permitted to see that view.
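A defensive check for this class of bug, as an added example that is not Checkmk's code or its actual fix: it assumes a user-supplied title is rendered as HTML and may carry a link target, escapes the text, and emits a link only for an allowlisted scheme. The function names and the sample inputs are hypothetical.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}      # assumption: only web links are wanted
TAB_NEWLINE = re.compile(r"[\t\r\n]")    # browsers drop these anywhere in a URL
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def normalize(url):
    """Apply the trimming a browser does before it decides on the scheme."""
    return TAB_NEWLINE.sub("", url).strip(C0_AND_SPACE)


def is_safe_url(url):
    """True for http(s) URLs and scheme-less (relative) references only."""
    match = SCHEME.match(normalize(url))
    if match is None:
        return True  # no scheme: relative reference, resolved against the page
    return match.group(1).lower() in ALLOWED_SCHEMES


def render_title(text, url=None):
    """Return HTML for a title (hypothetical helper); the text is always escaped."""
    label = html.escape(text, quote=True)
    if not url or not is_safe_url(url):
        return label  # missing or unsafe target: keep the text, drop the link
    href = html.escape(normalize(url), quote=True)
    return '<a href="{}">{}</a>'.format(href, label)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = [
        ("Hosts", "https://example.com/a?b=1&c=2"),
        ("Hosts", "view.py?name=example"),
        ("Hosts", " JaVaScRiPt:void(0)"),
        ("Hosts", "java\tscript:void(0)"),
        ("<b>Hosts</b>", None),
    ]
    for text, url in samples:
        print(repr(url), "->", render_title(text, url))
```

Comparing the scheme only after normalization is what catches the mixed-case and embedded-tab variants, which a plain `startswith("javascript:")` test would miss.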