254 matches found
CVE-2025-27404 Icinga Web 2 DOM-based XSS vulnerability
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
CVE-2025-27404
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
PT-2025-12970 · Icinga +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...
Icinga Web 2 跨站脚本漏洞
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
PT-2025-12941 · Icinga +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...
PT-2025-12974 · Icinga +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a request that embeds arbitrary Javascript into the interface, enabling them to act on behal...
PT-2025-12975 · Unknown +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.3 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by an authenticated user, manipulates the backend to redirect the us...
Icinga Web 2 跨站脚本漏洞
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
Icinga Web 2 输入验证错误漏洞
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. An input validation error vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from constructible URLs that result in redirection to an arbitrary location...
Icinga Web 2 跨站脚本漏洞
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
Linux Distros Unpatched Vulnerability : CVE-2022-24715
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create...
Linux Distros Unpatched Vulnerability : CVE-2022-24714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affecte...
Linux Distros Unpatched Vulnerability : CVE-2021-32746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2...
Linux Distros Unpatched Vulnerability : CVE-2021-32747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to...
CVE-2022-24715
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...
CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
GHSA-W9PG-7C3H-FC8J ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. CSRF Affected products: Icinga Web =2.12.0 Icinga DB Web =1.0.0 Icinga Notifications Web =0.1.0 Icinga Web JIRA Integration =1.3.0 All affected products, in any version, wil...
SUSE CVE-2024-24820
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery CSRF. It enables attackers to perform changes in the monitoring...
CVE-2024-24819
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...
Cross site request forgery (csrf)
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...