{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/icinga-web/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Icinga Web","icinga-php-library"],"_cs_severities":["high"],"_cs_tags":["xss","web-application","icinga"],"_cs_type":"advisory","_cs_vendors":["Icinga"],"content_html":"\u003cp\u003eA reflected XSS vulnerability has been identified in Icinga Web, affecting versions up to 0.13.0. This vulnerability arises from the improper handling of malformed search requests, allowing an attacker to inject arbitrary JavaScript code into a victim\u0026rsquo;s browser. The attacker crafts a malicious URL containing the XSS payload and entices the victim to visit this URL. Upon visiting the crafted URL, the injected JavaScript code executes within the context of the Icinga Web application, potentially enabling the attacker to perform actions on behalf of the victim, steal sensitive information, or compromise the integrity of the application. The vulnerability was patched in version 0.13.1 and will be published as part of \u003ccode\u003eicinga-php-library\u003c/code\u003e version 0.19.2. Icinga Web versions 2.12.0 and later can mitigate the issue by enabling Content-Security-Policy (CSP).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a reflected XSS payload within a malformed search request. The payload is designed to execute arbitrary JavaScript code in the victim\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the crafted URL to potential victims through various means, such as phishing emails, social engineering, or malicious websites.\u003c/li\u003e\n\u003cli\u003eThe victim clicks on the malicious URL, unknowingly initiating the XSS attack.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser sends the crafted HTTP request to the Icinga Web server.\u003c/li\u003e\n\u003cli\u003eThe Icinga Web server processes the request and reflects the malicious XSS payload back to the victim\u0026rsquo;s browser in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser renders the HTTP response, executing the injected JavaScript code within the context of the Icinga Web application.\u003c/li\u003e\n\u003cli\u003eThe attacker can now execute arbitrary code, potentially stealing session cookies, performing actions on behalf of the user, or defacing the Icinga Web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised Icinga Web session to gain unauthorized access to sensitive data or perform malicious activities within the Icinga environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the Icinga Web application. This can lead to session hijacking, unauthorized access to sensitive data, defacement of the Icinga Web interface, or further compromise of the Icinga infrastructure. While the exact number of victims is unknown, any organization using vulnerable versions of Icinga Web is at risk. The severity is high due to the potential for significant impact on confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Icinga Web to version 0.13.1 or later to patch the vulnerability. This version contains the fix for CVE-2026-42224.\u003c/li\u003e\n\u003cli\u003eFor Icinga Web versions 2.12.0 and later, enable Content-Security-Policy (CSP) in the general configuration to mitigate the risk of XSS attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Icinga Web XSS Attempt via URI\u0026rdquo; to your SIEM to detect potential exploitation attempts by monitoring for suspicious URI patterns.\u003c/li\u003e\n\u003cli\u003eReview web server logs for unusual or malformed requests targeting the Icinga Web application to identify potential XSS attack attempts (webserver log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"/briefs/2024-01-icinga-web-xss/","summary":"A reflected cross-site scripting (XSS) vulnerability exists in Icinga Web versions 0.13.0 and earlier, allowing attackers to inject malicious JavaScript into a victim's browser through malformed search requests, potentially leading to arbitrary code execution within the Icinga Web context.","title":"Icinga Web Reflected XSS Vulnerability via Malformed Search Requests","url":"https://feed.craftedsignal.io/briefs/2024-01-icinga-web-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Icinga Web","version":"https://jsonfeed.org/version/1.1"}