CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt

Products affected by CVE-2018-18248

Icinga » Icinga Web 2 » Version: 2.6.1

cpe:2.3:a:icinga:icinga_web_2:2.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18248

Products

Pricing

Contact Us