Filtered by vendor Centreon
Total: 18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28054 | 1 Centreon | 1 Centreon | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. | |||||
| CVE-2021-27676 | 1 Centreon | 1 Centreon | 2021-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts page. | |||||
| CVE-2021-26804 | 1 Centreon | 1 Centreon Web | 2021-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | |||||
| CVE-2021-28055 | 1 Centreon | 1 Centreon | 2021-05-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | |||||
| CVE-2020-10945 | 1 Centreon | 2 Centreon, Widget-host-monitoring | 2020-08-03 | 3.3 LOW | 4.3 MEDIUM |
| Centreon before 19.10.7 exposes Session IDs in server responses. | |||||
| CVE-2020-13628 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2020-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | |||||
| CVE-2020-13627 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2020-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | |||||
| CVE-2020-10946 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2020-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | |||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2020-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | |||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2020-03-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect via parameter 'p' in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | |||||
| CVE-2019-16195 | 1 Centreon | 1 Centreon | 2019-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | |||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||
| CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
| CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2019-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
| CVE-2015-7672 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | |||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | |||||
| CVE-2018-19280 | 1 Centreon | 1 Centreon | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | |||||
| CVE-2018-11588 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-28 | 3.5 LOW | 5.4 MEDIUM |
| Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | |||||
