Advisories for Composer/Ipl/Web package

The vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing.

Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF) Affected products: Icinga Web (>=2.12.0) Icinga DB Web (>=1.0.0) Icinga Notifications Web (>=0.1.0) Icinga Web JIRA Integration (>=1.3.0) All affected products, in any version, will be unaffected by this once icinga-php-library is upgraded.