Centreon: >> Centreon >> 20.10.0 Security Vulnerabilities
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-07-16
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-07-16
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-15
Page 2