Werk #5427

TitelFixed different XSS issues triggerd from BI aggregation/rule titles/descriptions
Datum2017-10-27 15:47:59
Check_MK EditionCheck_MK Raw Edition (CRE)
Check_MK Version1.4.0p17,1.5.0i1
Level1 - Triviale Änderung
KlasseSecurity Fix
KompatibilitätCompatible - no manual interaction needed

Different fields in the BI configuration (titles, ...) could be used to inject JS code into the WATO dialogs and the BI status views. This could be triggered by users with permission to administrate WATO.