| Bug | stretch | buster | sid | Description |
|---|
| CVE-2018-18250 | vulnerable (no DSA) | fixed | fixed | Icinga Web 2 before 2.6.2 allows parameters that break navigation dash ... |
| CVE-2018-18249 | vulnerable (no DSA) | fixed | fixed | Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives ... |
| CVE-2018-18248 | vulnerable (no DSA) | fixed | fixed | Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir ... |
| CVE-2018-18247 | vulnerable (no DSA) | fixed | fixed | Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add i ... |
| CVE-2018-18246 | vulnerable (no DSA) | fixed | fixed | Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisabl ... |