centreon/centreon is vulnerable to local file inclusion. Lack of validation of a filename in brokerPerformance.php
allows an attacker to include a malicious file containing Javascript code on the server which was uploaded prior to the attack, potentially leading to execution of arbitrary Javascript code in a victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
centreon/centreon | le | 2.8.x-dev |