ByteOS Network

ipl-web

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-42224

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.6||HIGH

EPSS-0.04% / 11.62%

7 Day CHG~0.00%

Published-08 May, 2026 | 22:02

Updated-11 May, 2026 | 15:58

ipl/web is vulnerable to reflected XSS by malformed search requests

ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. This issue has been patched in version 0.13.1.

Vendor-Icinga

Product-ipl-web

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-41811

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-3.9||LOW

EPSS-0.14% / 34.34%

7 Day CHG~0.00%

Published-05 Aug, 2024 | 20:17

Updated-15 Apr, 2026 | 00:35

ipl/web susceptible to Cross-Site Request Forgery (CSRF)

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Vendor-Icinga

Product-ipl-web

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)