repo.or.cz
/
check_mk.git
/
blob
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
log
|
graphiclog1
|
graphiclog2
|
commit
|
commitdiff
|
tree
|
refs
|
edit
|
fork
blame
|
history
|
raw
|
HEAD
Licenses: Updated the list of licenses and added a PDF containing all license texts
[check_mk.git]
/
.werks
/
6449
blob
9e030d9003b1cc76437f62ebd9f520caa70fe6f8
1
Title: Fixed stored XSS using custom host / user attributes
2
Level: 1
3
Component: multisite
4
Class: security
5
Compatible: compat
6
Edition: cre
7
State: unknown
8
Version: 1.6.0i1
9
Date: 1534240456
10
11
A user with admin privileges could inject arbitrary JS code into custom
12
attributes which could then be executed in the context of other users.