
Moreamazingnick

#34315 of 53,633
7.6 Total CVSS
Vulnerabilities · 1
PT-2025-12970
7.6
2025-03-26
Icinga · Icinga Web 2 · CVE-2025-27405
**Name of the Vulnerable Software and Affected Versions**

Icinga Web 2 versions prior to 2.11.5

Icinga Web 2 versions prior to 2.12.13

**Description**

A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary JavaScript into Icinga Web and allows the attacker to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2.

**Recommendations**

For versions prior to 2.11.5, update to version 2.11.5 or later.

For versions prior to 2.12.13, update to version 2.12.3 or later.

As a temporary workaround for those with Icinga Web 2.12.2, enable a content security policy in the application settings.