Cross-Site Scripting Vulnerability in Icinga Web 2 by Icinga
CVE-2018-18248

6.1MEDIUM

Key Information:

Vendor

Icinga

Status
Icinga Web 2
Vendor
CVE Published:
17 December 2018

What is CVE-2018-18248?

Icinga Web 2 is susceptible to Cross-Site Scripting (XSS) through multiple query parameters in its URLs, including the /monitoring/list/services directory, /user/list, and /monitoring/timeline. Attackers can exploit this flaw to inject arbitrary JavaScript into pages viewed by other users, potentially leading to unauthorized actions or data theft. Organizations using Icinga Web 2 should ensure that they apply the latest security updates to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.