Werk #6423: Fixed possible XSS in views with some filters

KomponenteGUI
TitelFixed possible XSS in views with some filters
Datum2018-08-02 19:38:37
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.4.0p35,1.6.0i1,1.5.0p1
LevelTrivial Change
KlasseBug Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

It was possible to inject some specific HTML tags (like the a-tag) into the title of views which could be used to make users click on it to execute some arbitrary javascript code.