ID UB:CVE-2021-28054
Type ubuntucve
Reporter ubuntu.com
Modified 2021-07-16T00:00:00
Description
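An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A
stored cross-site scripting (XSS) issue in "Configuration > Hosts" allows
remote authenticated users to inject arbitrary web script or HTML via the
Alias parameter. Because the injected value is stored, it runs in the browser
of a user who later views it; the CVSS 3.1 vector in this record
(PR:L/UI:R/S:C) reflects that a low-privileged account and a victim's
interaction are both required. Ubuntu lists its centreon-engine package as
"needs triage", so this record does not by itself establish whether the
packaged versions are affected.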
{"id": "UB:CVE-2021-28054", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-28054", "description": "An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A\nStored Cross-Site Scripting (XSS) issue in \"Configuration > Hosts\" allows\nremote authenticated users to inject arbitrary web script or HTML via the\nAlias parameter.", "published": "2021-07-16T00:00:00", "modified": "2021-07-16T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "https://ubuntu.com/security/CVE-2021-28054", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28054", "https://docs.centreon.com/current/en/", "https://redshell.co", "https://github.com/centreon/centreon/releases/tag/20.04.13", "https://nvd.nist.gov/vuln/detail/CVE-2021-28054", "https://launchpad.net/bugs/cve/CVE-2021-28054", "https://security-tracker.debian.org/tracker/CVE-2021-28054"], "cvelist": ["CVE-2021-28054"], "immutableFields": [], "lastseen": "2022-01-21T20:19:13", "viewCount": 6, "enchantments": 
{"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-28054"]}], "rev": 4}, "score": {"value": 4.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-28054"]}]}, "exploitation": null, "vulnersScore": 4.7}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "centreon-engine"}, {"OS": "ubuntu", "OSVersion": "21.10", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "centreon-engine"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "centreon-engine"}], "bugs": [], "_state": {"dependencies": 1646223139}}
{"cve": [{"lastseen": "2022-03-23T16:20:17", "description": "An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in \"Configuration > Hosts\" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-16T15:15:00", "type": "cve", "title": "CVE-2021-28054", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28054"], "modified": "2021-08-04T20:07:00", "cpe": ["cpe:/a:centreon:centreon:20.10.0"], "id": "CVE-2021-28054", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28054", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:centreon:centreon:20.10.0:*:*:*:*:*:*:*"]}]}