Vulnerabilities > Centreon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-16195 | Cross-site Scripting vulnerability in Centreon Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | 4.3 |
| 2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 5.0 |
| 2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 4.3 |
| 2019-10-08 | CVE-2019-17107 | Code Injection vulnerability in Centreon web minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. | 6.5 |
| 2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 4.0 |
| 2019-10-08 | CVE-2019-17104 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Centreon VM 19.04.2/19.04.3 In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | 5.0 |
| 2019-10-08 | CVE-2018-21023 | Code Injection vulnerability in Centreon web getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21022 | SQL Injection vulnerability in Centreon web makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21021 | SQL Injection vulnerability in Centreon web img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21020 | Improper Input Validation vulnerability in Centreon web In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 5.0 |