PT-2022-25174 · Centreon · Centreon

Published

2022-09-26

Updated

2022-09-28

CVE-2022-40044

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Centreon version 20.10.18

Description The issue is a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload via the esc name parameter at the Configuration/Notifications/Escalations endpoint. This enables attackers to potentially manipulate web page content.

Recommendations For Centreon version 20.10.18, update to version 21.04.16, 21.10.8, or 22.04.2 to resolve the issue. As a temporary workaround, consider restricting access to the Configuration/Notifications/Escalations endpoint or avoiding the use of the esc name parameter until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-40044

GHSA-RV5Q-72P2-2Q24

Affected Products

Centreon

PT-2022-25174 · Centreon · Centreon

CVE-2022-40044

Weakness Enumeration

Related Identifiers

Affected Products

References · 10