Werk #6449: Fixed stored XSS using custom host / user attributes

KomponenteGUI
TitelFixed stored XSS using custom host / user attributes
Datum2018-08-14 11:54:16
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.6.0i1,1.5.0p2
LevelTrivial Change
KlasseSecurity Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

A user with admin privileges could inject arbitrary JS code into custom attributes which could then be executed in the context of other users.