Vulnerabilities > Centreon > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-27 | CVE-2020-10946 | Cross-site Scripting vulnerability in Centreon products: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. | 6.1 |
2020-05-27 | CVE-2020-10945 | Information Exposure vulnerability in Centreon and Widget-Host-Monitoring: Centreon before 19.10.7 exposes Session IDs in server responses. | 4.3 |
2020-03-20 | CVE-2019-19486 | Path Traversal vulnerability in Centreon: Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | 6.5 |
2020-03-20 | CVE-2019-19484 | Open Redirect vulnerability in Centreon: Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | 6.1 |
2019-11-26 | CVE-2019-16195 | Cross-site Scripting vulnerability in Centreon: Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | 6.1 |
2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web: The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 5.3 |
2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web: Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 6.1 |
2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web: In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 6.5 |
2018-11-16 | CVE-2018-19311 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6: Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | 5.4 |
2018-11-14 | CVE-2018-19280 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6: Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | 6.1 |