Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings.
Metrics
Affected Vendors & Products
References
History
Fri, 01 Aug 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Icinga
Icinga icinga Web 2 |
|
CPEs | cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:* | |
Vendors & Products |
Icinga
Icinga icinga Web 2 |
Wed, 26 Mar 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 26 Mar 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings. | |
Title | Icinga Web 2 has XSS in embedded content | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-03-26T15:10:10.288Z
Updated: 2025-03-26T15:57:52.238Z
Reserved: 2025-02-24T15:51:17.267Z
Link: CVE-2025-27405

Updated: 2025-03-26T15:32:37.161Z

Status : Analyzed
Published: 2025-03-26T16:15:22.983
Modified: 2025-08-01T15:15:28.260
Link: CVE-2025-27405

No data.