From lm at mathias-kettner.de  Fri Jul  4 15:28:20 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Fri,  4 Jul 2014 15:28:20 +0200 (CEST)
Subject: Check_MK Werk 1052: index start URL can not be used to redirect to
	absolute URLs anymore
Message-ID: <20140704132821.37DF7806BC@mail.mathias-kettner.de>

ID:          1052
Title:       index start URL can not be used to redirect to absolute URLs anymore
Component:   Multisite
Level:       1
Class:       Security Fix
Version:     1.2.5i5

An attacker could make a user open up an URL to a compromised website which the
does not want to open index.py?start_url=http://(url to compromised URL).


From lm at mathias-kettner.de  Thu Jul 24 12:55:11 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Thu, 24 Jul 2014 12:55:11 +0200 (CEST)
Subject: Check_MK Werk 1062: Fixed several XSS issues on different pages
Message-ID: <20140724105511.2D1BD805F7@mail.mathias-kettner.de>

ID:          1062
Title:       Fixed several XSS issues on different pages
Component:   Multisite
Level:       2
Class:       Security Fix
Version:     1.2.5i5

Some pages, like the views and prediction pages missed to escape values
provided by the user.


From lm at mathias-kettner.de  Thu Jul 24 12:55:11 2014
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Thu, 24 Jul 2014 12:55:11 +0200 (CEST)
Subject: Check_MK Werk 1063: Fixed several XSS issues on different pages
Message-ID: <20140724105511.80FC9805F6@mail.mathias-kettner.de>

ID:          1063
Title:       Fixed several XSS issues on different pages
Component:   Multisite
Level:       2
Class:       Security Fix
Version:     1.2.5i5

Several pages like views and prediction pages missed to escape user
provided values before writing them back on the pages.