Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39988
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows malicious users to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
Centreon Centreon 22.04.0
NA
CVE-2022-40043
Centreon v20.10.18 exists to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
Centreon Centreon 20.10.18
NA
CVE-2022-40044
Centreon v20.10.18 exists to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via injecting a crafted payl...
Centreon Centreon 20.10.18
NA
CVE-2022-41142
This vulnerability allows remote malicious users to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from ...
Centreon Centreon 22.04.2
3.5
CVSSv2
CVE-2021-27676
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts ...
Centreon Centreon 20.10.2
6.5
CVSSv2
CVE-2021-28053
An issue exists in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
Centreon Centreon 20.10.0
3.5
CVSSv2
CVE-2021-28054
An issue exists in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
Centreon Centreon 20.10.0
4.3
CVSSv2
CVE-2021-28055
An issue exists in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
Centreon Centreon 20.10.0
5
CVSSv2
CVE-2019-17104
In Centreon VM up to and including 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Centreon Centreon Vm
5
CVSSv2
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »