CVE-2018-11588: XSS
First published: Mon Jun 25 2018(Updated: )
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Centreon Centreon | =3.4.6 | |
| Centreon Centreon Web | =2.8.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11588?
CVE-2018-11588 is a vulnerability in Centreon 3.4.6 and Centreon Web 2.8.23 that allows an authenticated user to inject a payload into the username or command description, resulting in stored XSS.
How severe is CVE-2018-11588?
CVE-2018-11588 has a severity score of 5.4 (medium).
Which software versions are affected by CVE-2018-11588?
Centreon 3.4.6 and Centreon Web 2.8.23 are affected by CVE-2018-11588.
How can I fix CVE-2018-11588?
To fix CVE-2018-11588, upgrade to Centreon 2.8.24 or apply the relevant patches.
Is there any additional information available on CVE-2018-11588?
Yes, you can find additional information on CVE-2018-11588 in the Centreon documentation and related GitHub pull requests.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/centreon
- canonical/centreon centreon
- version/centreon centreon/3.4.6
- canonical/centreon centreon web
- version/centreon centreon web/2.8.23