Stored XSS Vulnerability in Centreon Web Product by Centreon
CVE-2018-11588

5.4MEDIUM

Key Information:

Vendor

Centreon

Status
Centreon Web
Centreon
Vendor
CVE Published:
25 June 2018

What is CVE-2018-11588?

Centreon 3.4.6 and Centreon Web 2.8.23 are susceptible to a stored Cross-Site Scripting (XSS) vulnerability that allows an authenticated user to inject malicious payloads into the username or command description fields. This vulnerability arises due to insufficient validation in specific PHP files, notably 'menu.php' and 'formArguments.php'. As attackers exploit this flaw, they can potentially execute arbitrary scripts in the context of the affected user's session, jeopardizing the security of the application and its users.

References

https://github.com/centreon/centreon/releases
x_refsource_CONFIRM
https://documentation.centreon.com/docs/centreon/en/lates...
x_refsource_CONFIRM
https://github.com/centreon/centreon/pull/6260
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.