CVE-2025-27404

High CVSS: 7.6

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings.

Vendor

Icinga

Product

Icinga Web 2

CWE

CWE-79

Yayın Tarihi

2025-03-26 15:16:14

Güncelleme

2025-08-01 15:18:18

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Icinga Web 2 HIGH Icinga 2025

Referanslar

https://github.com/Icinga/icingaweb2/releases/tag/v2.11.5 https://github.com/Icinga/icingaweb2/releases/tag/v2.12.3 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-c6pg-h955-wf66

Benzer Kayıtlar

Medium

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.…

Medium

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of W…

Medium

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script…

High

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to th…

High

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invali…

Medium

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with acce…