Ipl Web

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:icinga:ipl-web:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorIcinga (f3c2076d-deab-53f8-8d1d-6154f519c3cc)
ProductIpl Web (dd555b67-34e0-594b-b7e7-518dc1bb7bf4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-42224 vulnerable 2026-06-03 15:25:00.797314 ipl/web is vulnerable to reflected XSS by malformed search requests
HIGH (7.6)
ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. This issue has been patched in version 0.13.1.
Published: 2026-05-08T22:02:52.231Z
Updated: 2026-05-11T15:58:31.300Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41811 vulnerable 2026-06-03 14:56:35.076763 ipl/web susceptible to Cross-Site Request Forgery (CSRF)
LOW (3.9)
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
Published: 2024-08-05T20:17:30.849Z
Updated: 2024-08-06T13:53:56.318Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.