Vulnerabilities > Centreon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-39988 | Cross-site Scripting vulnerability in Centreon 22.04.0 A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. | 5.4 |
| 2022-09-26 | CVE-2022-40044 | Cross-site Scripting vulnerability in Centreon 20.10.18 Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | 5.4 |
| 2021-08-03 | CVE-2021-37556 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. | 6.5 |
| 2021-08-03 | CVE-2021-37557 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | 6.5 |
| 2021-07-16 | CVE-2021-28053 | SQL Injection vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 6.5 |
| 2021-05-04 | CVE-2021-26804 | Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2 Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | 6.5 |
| 2021-04-15 | CVE-2021-28055 | Cross-Site Request Forgery (CSRF) vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 4.3 |
| 2020-05-27 | CVE-2020-13628 | Cross-site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. | 4.3 |
| 2020-05-27 | CVE-2020-13627 | Cross-site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. | 4.3 |
| 2020-05-27 | CVE-2020-10946 | Cross-site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. | 4.3 |