Vulnerabilities > Centreon > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-39988 Cross-site Scripting vulnerability in Centreon 22.04.0
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
network
low complexity
centreon CWE-79
5.4
2022-09-26 CVE-2022-40044 Cross-site Scripting vulnerability in Centreon 20.10.18
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
network
low complexity
centreon CWE-79
5.4
2022-08-29 CVE-2022-36194 Cross-site Scripting vulnerability in Centreon 22.04.0
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.
network
low complexity
centreon CWE-79
5.4
2022-08-03 CVE-2022-34872 Unspecified vulnerability in Centreon 21.10.2
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon.
network
low complexity
centreon
6.5
2021-07-16 CVE-2021-28054 Cross-site Scripting vulnerability in Centreon 20.10.0
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.
network
low complexity
centreon CWE-79
5.4
2021-05-26 CVE-2021-27676 Cross-site Scripting vulnerability in Centreon 20.10.2
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability.
network
low complexity
centreon CWE-79
5.4
2021-05-04 CVE-2021-26804 Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
network
low complexity
centreon CWE-276
6.5
2021-04-15 CVE-2021-28055 Use of Insufficiently Random Values vulnerability in Centreon 20.10.0
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.
network
low complexity
centreon CWE-330
6.5
2020-05-27 CVE-2020-13628 Cross-site Scripting vulnerability in Centreon products
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php.
network
low complexity
centreon CWE-79
6.1
2020-05-27 CVE-2020-13627 Cross-site Scripting vulnerability in Centreon products
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php.
network
low complexity
centreon CWE-79
6.1