Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single "$" character as the Name of a Navigation item.