Werk #5427

Component: BI
Title: Fixed different XSS issues triggered from BI aggregation/rule titles/descriptions
Date: 2017-10-27 15:47:59
Check_MK Edition: Check_MK Raw Edition (CRE)
Check_MK Version: 1.4.0p17, 1.5.0i1
Level: 1 - Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed

Various fields in the BI configuration (titles, ...) could be used to inject JavaScript code into the WATO dialogs and the BI status views. This could be triggered by users with permission to administer WATO.