PT-2018-10687 · Centreon · Centreon+1

Publicado

2018-06-25

Atualizado

2018-08-28

CVE-2018-11588

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Centreon versions 3.4.6 Centreon Web version 2.8.23

Description The issue allows an authenticated user to inject a payload into the username or command description, resulting in stored XSS. This is related to files such as menu.php and formArguments.php.

Recommendations For Centreon version 3.4.6, update to a version that includes fixes for the stored XSS issue. For Centreon Web version 2.8.23, update to a version that includes fixes for the stored XSS issue. As a temporary workaround, consider restricting access to the menu.php and formArguments.php files until a patch is available. Avoid using the username variable in affected areas until the issue is resolved.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-11588

Produtos afetados

Centreon

Centreon Web

PT-2018-10687 · Centreon · Centreon+1

CVE-2018-11588

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6