Refactoring: Changed remaining check parameters starting with an 's' to the new rules...
[check_mk.git] / .werks / 2389
blobf3d7ed647e0b62662ec77655161df6ce506f4a75
1 Title: Fixed XSS using the _body_class parameter of views
2 Level: 1
3 Component: multisite
4 Class: security
5 Compatible: compat
6 State: unknown
7 Version: 1.2.7i3
8 Date: 1435653652
10 It was possible to use the _body_class parameter of the status GUI views
11 to inject HTML/Javascript code into the pages.
13 The _body_class parameter, which was only used for internal purposes, has
14 totally been removed now.