PT-2020-13624 · Centreon+1 · Centreon Service-Monitoring Widget+3

Published

2020-05-27

·

Updated

2020-05-28

·

CVE-2020-13627

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Centreon host-monitoring widget versions prior to 1.6.4 Centreon host-monitoring widget versions prior to 18.10.3 Centreon host-monitoring widget versions prior to 19.04.3 Centreon host-monitoring widget versions prior to 19.0.1 Centreon service-monitoring widget versions prior to 1.6.4 Centreon service-monitoring widget versions prior to 18.10.5 Centreon service-monitoring widget versions prior to 19.04.3 Centreon service-monitoring widget versions prior to 19.10.2 Centreon tactical-overview widget versions prior to 1.0.3 Centreon tactical-overview widget versions prior to 18.10.1 Centreon tactical-overview widget versions prior to 19.04.1 Centreon tactical-overview widget versions prior to 19.10.1
Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php.
Recommendations For Centreon host-monitoring widget versions prior to 1.6.4, update to version 1.6.4 or later. For Centreon host-monitoring widget versions prior to 18.10.3, update to version 18.10.3 or later. For Centreon host-monitoring widget versions prior to 19.04.3, update to version 19.04.3 or later. For Centreon host-monitoring widget versions prior to 19.0.1, update to version 19.0.1 or later. For Centreon service-monitoring widget versions prior to 1.6.4, update to version 1.6.4 or later. For Centreon service-monitoring widget versions prior to 18.10.5, update to version 18.10.5 or later. For Centreon service-monitoring widget versions prior to 19.04.3, update to version 19.04.3 or later. For Centreon service-monitoring widget versions prior to 19.10.2, update to version 19.10.2 or later. For Centreon tactical-overview widget versions prior to 1.0.3, update to version 1.0.3 or later. For Centreon tactical-overview widget versions prior to 18.10.1, update to version 18.10.1 or later. For Centreon tactical-overview widget versions prior to 19.04.1, update to version 19.04.1 or later. For Centreon tactical-overview widget versions prior to 19.10.1, update to version 19.10.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-13627

Affected Products

Centreon Host-Monitoring Widget
Centreon Service-Monitoring Widget
Centreon Tactical-Overview Widget
Php