Syad

**Name of the Vulnerable Software and Affected Versions** Centreon version 22.04.0 **Description** The issue is related to a Cross Site Scripting (XSS) attack. It can be exploited from the function Pollers > Broker Configuration by adding a crafted payload into the `name` parameter. This allows for the execution of malicious scripts. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. Technical details about exploitation include the use of a crafted payload in the `name` parameter. The API endpoint `/centreon/main.get.php?p=60909` is involved, specifically the section where the "Add" button is clicked and the payload is entered in the "Name" section. **Recommendations** For Centreon version 22.04.0, as a temporary workaround, consider disabling the Pollers > Broker Configuration function until a patch is available. Restrict access to the `/centreon/main.get.php?p=60909` endpoint to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.