CVE-2020-13627

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*

Information

Published : 2020-05-27 09:15

Updated : 2020-05-28 09:54


NVD link : CVE-2020-13627

Mitre link : CVE-2020-13627


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

centreon

  • centreon_host-monitoring_widget
  • centreon_tactical-overview_widget
  • centreon_service-monitoring_widget