CVE-2021-27676

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts page.

Published: May 26, 2021
Updated: May 9, 2024
CVE: CVE-2021-27676
GHSA: GHSA-r5mf-q76q-f2xq
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
centreon / centreon	20.10.2	20.10.2.x
centreon / centreon	-	20.10.7

http://centreon.com
https://github.com/centreon/centreon/pull/9587
https://github.com/centreon/centreon/releases/tag/20.10.7

Vulnerability Database

289,697

CVE-2021-27676