Centreon contains cross-site scripting vulnerability via esc_name parameter
Moderate severity
GitHub Reviewed
Published
Sep 27, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Package
Affected versions
< 21.04.16
>= 21.10.0, < 21.10.8
>= 22.0.0, < 22.04.1
Patched versions
21.04.16
21.10.8
22.04.1
Description
Published by the National Vulnerability Database
Sep 26, 2022
Published to the GitHub Advisory Database
Sep 27, 2022
Reviewed
Sep 30, 2022
Last updated
Jan 29, 2023
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the
esc_name(Escalation Name) parameter atConfiguration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.References