Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Centreon 22.04.0 Cross Site Scripting[6]
- Authored by yunaranyancat[7], syad[8], saitamang[9]
-
Centreon version 22.04.0 suffers from a persistent cross site scripting vulnerability.
- advisories | CVE-2022-36194[10]
- SHA-256 |
3d70a278906238ba02b36becf352ebf454b3dd1b330a5747bf3dbac98c1a8336 - Download[11] | Favorite[12] | View[13]
Change Mirror[14] Download[15]
# Exploit Title: Stored XSS in name parameter in Centreon version 22.04.0
# Date:
# Exploit Author: syad, yunaranyancat, saitamang
# Vendor Homepage: Centreon
# Software Link: https://download.centreon.com/
# Version: 22.04.0
# CVE ID : CVE-2022-36194
# Tested on: Centos 7
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload
into the name parameter.
go to this endpoint -> /centreon/main.get.php?p=60909 -> Pollers -> Broker Configuration -> Click Button "Add" and put the crafted payload below on section "Name" and save
payload --> test"><body onload=prompt(document.cookie)>
Subscribe to an RSS
FeedFile Tags
- ActiveX[20] (932)
- Advisory[21] (78,055)
- Arbitrary[22] (15,217)
- BBS[23] (2,859)
- Bypass[24] (1,577)
- CGI[25] (1,013)
- Code Execution[26] (6,731)
- Conference[27] (671)
- Cracker[28] (797)
- CSRF[29] (3,274)
- DoS[30] (21,971)
- Encryption[31] (2,336)
- Exploit[32] (50,021)
- File Inclusion[33] (4,153)
- File Upload[34] (945)
- Firewall[35] (821)
- Info Disclosure[36] (2,562)
- Intrusion Detection[37] (858)
- Java[38] (2,821)
- JavaScript[39] (802)
- Kernel[40] (6,111)
- Local[41] (14,053)
- Magazine[42] (586)
- Overflow[43] (12,240)
- Perl[44] (1,413)
- PHP[45] (5,055)
- Proof of Concept[46] (2,283)
- Protocol[47] (3,330)
- Python[48] (1,404)
- Remote[49] (29,806)
- Root[50] (3,458)
- Ruby[51] (578)
- Scanner[52] (1,630)
- Security Tool[53] (7,720)
- Shell[54] (3,069)
- Shellcode[55] (1,203)
- Sniffer[56] (882)
- Spoof[57] (2,116)
- SQL Injection[58] (16,045)
- TCP[59] (2,366)
- Trojan[60] (676)
- UDP[61] (869)
- Virus[62] (660)
- Vulnerability[63] (30,594)
- Web[64] (9,087)
- Whitepaper[65] (3,723)
- x86[66] (943)
- XSS[67] (17,368)
- Other[68]
File Archives
- August 2022[69]
- July 2022[70]
- June 2022[71]
- May 2022[72]
- April 2022[73]
- March 2022[74]
- February 2022[75]
- January 2022[76]
- December 2021[77]
- November 2021[78]
- October 2021[79]
- September 2021[80]
- Older[81]
Systems
- AIX[82] (426)
- Apple[83] (1,893)
- BSD[84] (369)
- CentOS[85] (55)
- Cisco[86] (1,913)
- Debian[87] (5,948)
- Fedora[88] (1,690)
- FreeBSD[89] (1,242)
- Gentoo[90] (4,188)
- HPUX[91] (878)
- iOS[92] (320)
- iPhone[93] (108)
- IRIX[94] (220)
- Juniper[95] (67)
- Linux[96] (42,707)
- Mac OS X[97] (683)
- Mandriva[98] (3,105)
- NetBSD[99] (255)
- OpenBSD[100] (478)
- RedHat[101] (11,888)
- Slackware[102] (941)
- Solaris[103] (1,607)
- SUSE[104] (1,444)
- Ubuntu[105] (7,958)
- UNIX[106] (9,102)
- UnixWare[107] (185)
- Windows[108] (6,447)
- Other[109]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
