CVE-2020-13628

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

Centreon Web Command Injection Vulnerability

Centreon Web is a set of open source system monitoring tools from the French company Centreon . The product mainly provides monitoring functions on the network , system and application resources . A command injection vulnerability exists in the...

CVE-2019-15300

A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldaphost.php. The arId parameter is not properly filtered before being passed to the SQL query...

Centreon VM Memory Corruption Vulnerability

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product mainly provides monitoring capabilities for network, system and application resources.Centreon VM is the virtual machine version of Centreon. A security vulnerability exists i...