From lm at mathias-kettner.de Fri Jul 4 15:28:20 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Fri, 4 Jul 2014 15:28:20 +0200 (CEST)
Subject: Check_MK Werk 1052: index start URL can not be used to redirect to absolute URLs anymore
Message-ID: <20140704132821.37DF7806BC@mail.mathias-kettner.de>

ID: 1052
Title: index start URL can not be used to redirect to absolute URLs anymore
Component: Multisite
Level: 1
Class: Security Fix
Version: 1.2.5i5

An attacker could make a user open a URL to a compromised website which the user does not want to open:

index.py?start_url=http://(url to compromised URL)

From lm at mathias-kettner.de Thu Jul 24 12:55:11 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Thu, 24 Jul 2014 12:55:11 +0200 (CEST)
Subject: Check_MK Werk 1062: Fixed several XSS issues on different pages
Message-ID: <20140724105511.2D1BD805F7@mail.mathias-kettner.de>

ID: 1062
Title: Fixed several XSS issues on different pages
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i5

Some pages, like the views and prediction pages, failed to escape values provided by the user.

From lm at mathias-kettner.de Thu Jul 24 12:55:11 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Thu, 24 Jul 2014 12:55:11 +0200 (CEST)
Subject: Check_MK Werk 1063: Fixed several XSS issues on different pages
Message-ID: <20140724105511.80FC9805F6@mail.mathias-kettner.de>

ID: 1063
Title: Fixed several XSS issues on different pages
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i5

Several pages, like the views and prediction pages, failed to escape user-provided values before writing them back on the pages.
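
The restriction described in Werk 1052 above (a start_url that may no longer point to an absolute URL), sketched as an added example that is not part of the original messages and not Check_MK's own code. The function names, the fallback page and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed fallback page for rejected values; not taken from the Werk.
DEFAULT_START_URL = "dashboard.py"


def is_safe_start_url(url):
    """Return True only for a relative URL that stays on the current site."""
    if not url or url != url.strip():
        return False
    # Browsers treat "\" like "/" and silently drop tabs and newlines,
    # so refuse backslashes and control characters before parsing.
    if "\\" in url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    # "//host/path" is scheme-relative and would leave the site; a single
    # leading "/" is refused too, so the target stays next to index.py.
    if url.startswith("/"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed input, e.g. a broken IPv6 literal
        return False
    # Any scheme or network location makes the URL absolute.
    return not parts.scheme and not parts.netloc


def resolve_start_url(requested):
    """Pick the page to load: the requested one if safe, else the default."""
    return requested if is_safe_start_url(requested) else DEFAULT_START_URL


if __name__ == "__main__":
    # Constructed sample values of the start_url parameter.
    samples = [
        "view.py?view_name=allhosts",
        "http://compromised.example/",
        "//compromised.example/",
        "",
    ]
    for value in samples:
        print(repr(value), "->", resolve_start_url(value))
```
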