HIGH
Icinga
CVE published 2026-05-08
CVE-2026-42224
CVE-2026-42224 is a high-severity vulnerability in ipl/web, a set of common web components for PHP projects. An attacker can inject malicious JavaScript into a victim's browser, allowing it to run in the context of Icinga Web. The victim must visit a specifically prepared website, and may not immediately notice any wrongdoing. This issue has been patched in versions 0.13.1 and 0.10.3.