| ID |
CVE-2025-27406
|
| Sažetak |
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings. |
| Reference |
|
| CVSS |
| Base: | 7.6 |
| Impact: | 6.0 |
| Exploitability: | 1.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
HIGH |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
HIGH |
HIGH |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
| Zadnje važnije ažuriranje |
27-03-2025 - 16:45 |
| Objavljeno |
26-03-2025 - 16:15 |
