Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Icinga Web 2 DOM-based XSS vulnerability
Vulnerability Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Icinga Web 2 跨站脚本漏洞
Vulnerability Description
Icinga Web 2是Icinga开源的一个开源监控和度量解决方案。 Icinga Web 2 2.11.5之前版本和2.12.13之前版本存在跨站脚本漏洞,该漏洞源于可嵌入任意Javascript,可能导致用户身份冒用。
CVSS Information
N/A
Vulnerability Type
N/A