Centreon Web vulnerabilities: Medium risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-05-04 | CVE-2021-26804 | Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2 | Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | network | low complexity | centreon | CWE-276 | 6.5 |
| 2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web | The token generator in index.php in Centreon Web before 2.8.27 is predictable. | network | low complexity | centreon | CWE-330 | 5.3 |
| 2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | network | low complexity | centreon | CWE-79 | 6.1 |
| 2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web | In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | network | low complexity | centreon | CWE-312 | 6.5 |
| 2018-06-25 | CVE-2018-11588 | Cross-site Scripting vulnerability in Centreon and Centreon web | Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. | network | low complexity | centreon | CWE-79 | 5.4 |