Cross-Site Scripting Vulnerability in Icinga Web 2 by Icinga
CVE-2018-18248

6.1MEDIUM

Key Information:

Vendor: Icinga
Status: Icinga Web 2
Vendor: CVE Published:; 17 December 2018

What is CVE-2018-18248?

Icinga Web 2 is susceptible to Cross-Site Scripting (XSS) through multiple query parameters in its URLs, including the /monitoring/list/services directory, /user/list, and /monitoring/timeline. Attackers can exploit this flaw to inject arbitrary JavaScript into pages viewed by other users, potentially leading to unauthorized actions or data theft. Organizations using Icinga Web 2 should ensure that they apply the latest security updates to mitigate this vulnerability.

References

https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2018
Vulnerability Reserved
Oct 11, 2018

CVE-2018-18248 Data

JSON