Vulnerabilities > Centreon

DATE CVE VULNERABILITY TITLE RISK
2021-07-16 CVE-2021-28054 Cross-site Scripting vulnerability in Centreon 20.10.0
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.
network
centreon CWE-79
3.5
2021-05-26 CVE-2021-27676 Cross-site Scripting vulnerability in Centreon 20.10.2
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability.
network
centreon CWE-79
3.5
2021-05-04 CVE-2021-26804 Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
network
low complexity
centreon CWE-276
6.5
2021-04-15 CVE-2021-28055 Cross-Site Request Forgery (CSRF) vulnerability in Centreon 20.10.0
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.
network
centreon CWE-352
4.3
2021-02-15 CVE-2020-22425 SQL Injection vulnerability in Centreon 19.10
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
network
low complexity
centreon CWE-89
8.8
2020-05-27 CVE-2020-13628 Cross-site Scripting vulnerability in Centreon products
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php.
network
centreon CWE-79
4.3
2020-05-27 CVE-2020-13627 Cross-site Scripting vulnerability in Centreon products
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php.
network
centreon CWE-79
4.3
2020-05-27 CVE-2020-10946 Cross-site Scripting vulnerability in Centreon products
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php.
network
centreon CWE-79
4.3
2020-05-27 CVE-2020-10945 Information Exposure vulnerability in Centreon
Centreon before 19.10.7 exposes Session IDs in server responses.
low complexity
centreon CWE-200
3.3
2020-05-21 CVE-2020-13252 OS Command Injection vulnerability in Centreon
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
network
low complexity
centreon CWE-78
critical
9.0