Unrated severity · OSV Advisory · Published Dec 17, 2018 · Updated Aug 5, 2024
CVE-2018-18248
Description
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.
Affected products (7)
- Range: v1.0-11, v2.0.0, v2.0.0-beta1, …
- osv-coords, 5 versions, range: < 2.7.3-bp151.5.3.1
  - pkg:rpm/opensuse/icingaweb2&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/icingaweb2&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2012
  - pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 2.7.3-bp151.5.3.1
- (no CPE) range: < 2.7.3-bp151.5.3.1
- (no CPE) range: < 2.7.3-bp151.5.3.1
- (no CPE) range: < 2.7.3-bp151.5.3.1
- (no CPE) range: < 2.7.3-bp151.5.3.1
References (2)
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html (mitre, vendor-advisory, x_refsource_SUSE)
- herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt (mitre, x_refsource_MISC)