PT-2018-10687 · Centreon · Centreon+1

Published: 2018-06-25 · Updated: 2018-08-28 · CVE-2018-11588

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Centreon version 3.4.6
Centreon Web version 2.8.23

Description

The issue allows an authenticated user to inject a payload into the username or command description, resulting in stored XSS. This is related to files such as menu.php and formArguments.php.

Recommendations

For Centreon version 3.4.6 and Centreon Web version 2.8.23, update to a version that includes fixes for the stored XSS issue. As a temporary workaround, consider restricting access to the menu.php and formArguments.php files until a patch is available. Avoid using the username variable in affected areas until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-11588

Affected Products

Centreon
Centreon Web