PT-2026-37180 · Icinga · Icinga Web

Nilmerg · Published 2026-04-29 · Updated 2026-05-09 · CVE-2026-42224

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Icinga Web versions prior to 0.13.1

Description

An issue allows an attacker to inject malicious JavaScript into a victim's browser and execute it within the context of Icinga Web. This occurs when a victim visits a specially prepared website, potentially without noticing any suspicious activity.

Recommendations

Update to version 0.13.1. Enable the Content-Security-Policy (CSP) in the general configuration of Icinga Web.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-42224
GHSA-55WF-5M3Q-6JJF
OPENSUSE-SU-2026:10693-1

Affected Products

Icinga Web