CVE-2020-13628
Published May 27, 2020
Last updated 4 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11CDDB5F-0CE5-4096-87A4-F7FD7037B8AC",
"versionEndExcluding": "1.6.4"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD6C9263-8455-4460-9256-8E3024B22ACF",
"versionEndExcluding": "18.10.3",
"versionStartIncluding": "18.10.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2008D772-6518-4F3F-90F5-AD0DCA60D165",
"versionEndExcluding": "19.0.1",
"versionStartIncluding": "19.0.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4FC23D4-13D9-495A-8C0E-361792AD30EF",
"versionEndExcluding": "19.04.3",
"versionStartIncluding": "19.04.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C768C6C6-45AC-403A-9A38-F11A18080F40",
"versionEndExcluding": "1.0.3"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74B069A6-1F9A-4CE6-8F86-F0D020B31A58",
"versionEndExcluding": "18.10.1",
"versionStartIncluding": "18.10.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC7CF011-6871-4452-A07F-C08C2D3D629F",
"versionEndExcluding": "19.04.1",
"versionStartIncluding": "19.04.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "335A0BD6-014E-4CE8-A9EE-4328C2C1AE18",
"versionEndExcluding": "19.10.1",
"versionStartIncluding": "19.10.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C2C055-430F-4913-B650-8C0233D99F42",
"versionEndExcluding": "1.6.4"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4582BF2-2BEF-4E32-B537-2898859AAFF2",
"versionEndExcluding": "18.10.5",
"versionStartIncluding": "18.10.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8903042C-5B5B-4CAF-94E2-BFA5F0CE5EC1",
"versionEndExcluding": "19.04.3",
"versionStartIncluding": "19.04.0"
},
{
"criteria": "cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50369D54-898A-4FB3-8246-E8BD3BA8A913",
"versionEndExcluding": "19.10.2",
"versionStartIncluding": "19.10.0"
}
],
"operator": "OR"
}
]
}
]