Lucene search
+L

254 matches found

osv
osv
added 2025/03/26 2:21 p.m.12 views

CVE-2025-27404 Icinga Web 2 DOM-based XSS vulnerability

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...

7.6CVSS6.5AI score0.00561EPSS
Exploits0References5
debiancve
debiancve
added 2025/03/26 2:21 p.m.19 views

CVE-2025-27404

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...

7.6CVSS5.7AI score0.00561EPSS
Exploits0
ptsecurity
ptsecurity
added 2025/03/26 12:0 a.m.4 views

PT-2025-12970 · Icinga +1 · Icinga Web 2 +1

Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...

7.6CVSS6.1AI score0.00561EPSS
Exploits0References58
cnnvd
cnnvd
added 2025/03/26 12:0 a.m.7 views

Icinga Web 2 跨站脚本漏洞

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...

5.4CVSS5.8AI score0.00228EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/03/26 12:0 a.m.4 views

PT-2025-12941 · Icinga +1 · Icinga Web 2 +1

Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...

7.6CVSS7.3AI score0.00561EPSS
Exploits0References20
ptsecurity
ptsecurity
added 2025/03/26 12:0 a.m.6 views

PT-2025-12974 · Icinga +1 · Icinga Web 2 +1

Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a request that embeds arbitrary Javascript into the interface, enabling them to act on behal...

7.6CVSS6.2AI score0.00561EPSS
Exploits0References21
ptsecurity
ptsecurity
added 2025/03/26 12:0 a.m.8 views

PT-2025-12975 · Unknown +1 · Icinga Web 2 +1

Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.3 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by an authenticated user, manipulates the backend to redirect the us...

7.6CVSS5.8AI score0.00561EPSS
Exploits0References21
cnnvd
cnnvd
added 2025/03/26 12:0 a.m.6 views

Icinga Web 2 跨站脚本漏洞

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...

7.6CVSS5.8AI score0.00561EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/03/26 12:0 a.m.7 views

Icinga Web 2 输入验证错误漏洞

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. An input validation error vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from constructible URLs that result in redirection to an arbitrary location...

6.1CVSS6.5AI score0.00249EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/03/26 12:0 a.m.7 views

Icinga Web 2 跨站脚本漏洞

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...

7.6CVSS5.8AI score0.00306EPSS
Exploits0References3
nessus
nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-24715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create...

8.8CVSS8.2AI score0.1467EPSS
Exploits5References3
nessus
nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-24714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affecte...

5.3CVSS5.5AI score0.01208EPSS
Exploits0References3
nessus
nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-32746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2...

5.3CVSS6.2AI score0.01306EPSS
Exploits1References3
nessus
nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-32747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to...

6.5CVSS6.6AI score0.01381EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/02/05 9:51 p.m.14 views

CVE-2022-24715

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

8.8CVSS6.9AI score0.1467EPSS
Exploits5References1
redhatcve
redhatcve
added 2025/02/05 9:45 p.m.8 views

CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...

7.5CVSS6.4AI score0.89378EPSS
Exploits8References1
osv
osv
added 2024/08/05 2:39 p.m.10 views

GHSA-W9PG-7C3H-FC8J ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF

Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. CSRF Affected products: Icinga Web =2.12.0 Icinga DB Web =1.0.0 Icinga Notifications Web =0.1.0 Icinga Web JIRA Integration =1.3.0 All affected products, in any version, wil...

5CVSS3.9AI score0.00182EPSS
Exploits0References4
susecve
susecve
added 2024/02/11 3:54 a.m.4 views

SUSE CVE-2024-24820

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery CSRF. It enables attackers to perform changes in the monitoring...

8.3CVSS6.2AI score0.00398EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2024/02/09 1:15 a.m.19 views

CVE-2024-24819

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...

7.1AI score0.0026EPSS
Exploits0
prion
prion
added 2024/02/09 1:15 a.m.15 views

Cross site request forgery (csrf)

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...

6.8CVSS7.3AI score0.0026EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder