Icinga Web 2 Vulnerable to Reflected XSS

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings. Any modern browser with a working CORS implementation also sufficiently guards against the vulnerability.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Icinga Web 2 跨站脚本漏洞

Icinga Web 2是Icinga开源的一个开源监控和度量解决方案。 Icinga Web 2 2.11.5之前版本和2.12.13之前版本存在跨站脚本漏洞，该漏洞源于可嵌入任意Javascript，可能导致用户身份冒用。

N/A

N/A