|Title||Fixed possible reflected XSS using custom bookmarks|
|Check_MK Edition||Check_MK Raw Edition (CRE)|
|Level||1 - Trivial Change|
|Compatibility||Compatible - no manual interaction needed|
For example, the user session cookies can be read and reported to the attackers, who could then hijack the users' sessions with the application.
This issue has been fixed by limiting absolute URLs in bookmarks to the URL schemes https and http.
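
A scheme allow-list of the kind described above can be sketched as follows. This is an added example, not Check_MK's own code: the helper names and the sample bookmarks are hypothetical, and treating scheme-less URLs as acceptable relative links is an assumption.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # the two schemes named in the fix


def is_allowed_bookmark_url(url: str) -> bool:
    """True for a relative URL or an absolute http(s) URL (hypothetical helper)."""
    # Browsers drop tabs, newlines and leading control characters or spaces
    # before they read the scheme, so a URL containing any of them is refused
    # outright (a legitimate URL percent-encodes them).
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    try:
        scheme = urlsplit(url).scheme  # urlsplit lower-cases the scheme
    except ValueError:  # e.g. a malformed bracketed host
        return False
    # No scheme means a relative URL, which inherits the page's own scheme.
    return scheme == "" or scheme in ALLOWED_SCHEMES


def filter_bookmarks(bookmarks):
    """Split (title, url) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for title, url in bookmarks:
        (accepted if is_allowed_bookmark_url(url) else rejected).append((title, url))
    return accepted, rejected


# Constructed sample bookmarks, not taken from the product.
SAMPLE_BOOKMARKS = [
    ("All hosts", "view.py?view_name=allhosts"),
    ("Wiki", "https://wiki.example.com/monitoring"),
    ("Mixed case scheme", "JaVaScRiPt:alert(1)"),
    ("Tab inside scheme", "java\tscript:alert(1)"),
    ("Data URL", "data:text/html,hello"),
]

if __name__ == "__main__":
    ok, bad = filter_bookmarks(SAMPLE_BOOKMARKS)
    print("accepted:", [title for title, _ in ok])
    print("rejected:", [title for title, _ in bad])
```

The check belongs where the bookmark is saved and again where it is rendered, so entries stored before the fix are not emitted as links unchecked.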