216.73.216.233

CVE-2025-27406

· Published 26/03/2025 16:15 · Modified 27/03/2025 16:45

Labels: CVE-2025-27406 2025-03-26CVE-2025-27406CWE-79[email protected]

Essential information

Published
26/03/2025 16:15
Modified
27/03/2025 16:45
Author
Creator
CVSS
7.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
icinga / icinga reporting cpe:2.3:a:icinga:icinga_reporting:0.10.0-1.0.2:*:*:*:*:*:*:*
icinga / icinga reporting cpe:2.3:a:icinga:icinga_reporting:1.0.3:*:*:*:*:*:*:*

References