Lucene search
SyadPACKETSTORM:168585HistoryOct 01, 2022 - 12:00 a.m.
Centreon 22.04.0 Cross Site Scripting
2022-10-0100:00:00
syad
packetstormsecurity.com
152
0.0005 Low
EPSS
Percentile
17.9%
`# Exploit Title: Stored XSS in service_alias parameter in Centreon version 22.04.0
# Date: 1/10/2022
# Exploit Author: syad
# Vendor Homepage: Centreon
# Software Link: https://download.centreon.com/
# Version: 22.04.0
# CVE ID : CVE-2022-39988
# Tested on: Centos 7
Centreon 22.04.0 is vulnerable to Stored Cross Site Scripting (XSS) from the function Service -> Templates -> by adding a crafted payload
into the service_alias parameter.
go to this endpoint -> /centreon/main.get.php?p=60206 -> Service -> Templates -> Click Button "Add" and put the crafted payload below on section "Alias" and save
payload --> test"><body onload=prompt('XSS-STORED')>
`
Related
cvelist
cvelist
CVE-2022-39988
2022-10-06 00:00:00
prion
prion
Cross site scripting
2022-10-06 18:16:00
cnvd
cnvd
Centreon Cross-Site Scripting Vulnerability (CNVD-2022-68269)
2022-10-09 00:00:00
zdt
zdt
Centreon 22.04.0 Cross Site Scripting Vulnerability
2022-10-03 00:00:00
osv
osv
CVE-2022-39988
2022-10-06 18:16:19
nvd
nvd
CVE-2022-39988
2022-10-06 18:16:19
cve
cve
CVE-2022-39988
2022-10-06 18:16:19