Lucene search
Syad1337DAY-ID-38005HistoryOct 03, 2022 - 12:00 a.m.
Centreon 22.04.0 Cross Site Scripting Vulnerability
2022-10-0300:00:00
syad
0day.today
254
0.0005 Low
EPSS
Percentile
17.9%
# Exploit Title: Stored XSS in service_alias parameter in Centreon version 22.04.0
# Exploit Author: syad
# Vendor Homepage: Centreon
# Software Link: https://download.centreon.com/
# Version: 22.04.0
# CVE ID : CVE-2022-39988
# Tested on: Centos 7
Centreon 22.04.0 is vulnerable to Stored Cross Site Scripting (XSS) from the function Service -> Templates -> by adding a crafted payload
into the service_alias parameter.
go to this endpoint -> /centreon/main.get.php?p=60206 -> Service -> Templates -> Click Button "Add" and put the crafted payload below on section "Alias" and save
payload --> test"><body onload=prompt('XSS-STORED')>
Related
prion
prion
Cross site scripting
2022-10-06 18:16:00
cvelist
cvelist
CVE-2022-39988
2022-10-06 00:00:00
cnvd
cnvd
Centreon Cross-Site Scripting Vulnerability (CNVD-2022-68269)
2022-10-09 00:00:00
cve
cve
CVE-2022-39988
2022-10-06 18:16:19
osv
osv
CVE-2022-39988
2022-10-06 18:16:19
nvd
nvd
CVE-2022-39988
2022-10-06 18:16:19
packetstorm
packetstorm
Centreon 22.04.0 Cross Site Scripting
2022-10-01 00:00:00