Vulnerability Details CVE-2020-10946
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-10946
-
cpe:2.3:a:centreon:centreon_host-monitoring_widget:*
-
cpe:2.3:a:centreon:centreon_host-monitoring_widget:18.10.0
-
cpe:2.3:a:centreon:centreon_host-monitoring_widget:19.0.0
-
cpe:2.3:a:centreon:centreon_host-monitoring_widget:19.04.0
-
cpe:2.3:a:centreon:centreon_service-monitoring_widget:*
-
cpe:2.3:a:centreon:centreon_service-monitoring_widget:18.10.0
-
cpe:2.3:a:centreon:centreon_service-monitoring_widget:19.04.0
-
cpe:2.3:a:centreon:centreon_service-monitoring_widget:19.10.0
-
cpe:2.3:a:centreon:centreon_tactical-overview_widget:*
-
cpe:2.3:a:centreon:centreon_tactical-overview_widget:18.10.0
-
cpe:2.3:a:centreon:centreon_tactical-overview_widget:19.04.0
-
cpe:2.3:a:centreon:centreon_tactical-overview_widget:19.10.0