Vulnerability Description
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centreon | Centreon | 3.4.6 |
| Centreon | Centreon Web | 2.8.23 |
Related Weaknesses (CWE)
References
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreoVendor Advisory
- https://github.com/centreon/centreon/pull/6259PatchThird Party Advisory
- https://github.com/centreon/centreon/pull/6260PatchThird Party Advisory
- https://github.com/centreon/centreon/releasesRelease NotesThird Party Advisory
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreoVendor Advisory
- https://github.com/centreon/centreon/pull/6259PatchThird Party Advisory
- https://github.com/centreon/centreon/pull/6260PatchThird Party Advisory
- https://github.com/centreon/centreon/releasesRelease NotesThird Party Advisory
FAQ
What is CVE-2018-11588?
CVE-2018-11588 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/includ...
How severe is CVE-2018-11588?
CVE-2018-11588 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11588?
Check the references section above for vendor advisories and patch information. Affected products include: Centreon Centreon, Centreon Centreon Web.