Vulnerability Details : CVE-2020-13627
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2020-13627
- cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Host-monitoring Widget: versions from 19.0.0 (inclusive, >=) up to but not including (<) 19.0.1. CPE: cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Host-monitoring Widget: versions from 19.04.0 (inclusive, >=) up to but not including (<) 19.04.3. CPE: cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Host-monitoring Widget: versions from 18.10.0 (inclusive, >=) up to but not including (<) 18.10.3. CPE: cpe:2.3:a:centreon:centreon_host-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Tactical-overview Widget: versions from 19.10.0 (inclusive, >=) up to but not including (<) 19.10.1. CPE: cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Tactical-overview Widget: versions from 18.10.0 (inclusive, >=) up to but not including (<) 18.10.1. CPE: cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
- cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Tactical-overview Widget: versions from 19.04.0 (inclusive, >=) up to but not including (<) 19.04.1. CPE: cpe:2.3:a:centreon:centreon_tactical-overview_widget:*:*:*:*:*:*:*:*
- cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Service-monitoring Widget: versions from 19.10.0 (inclusive, >=) up to but not including (<) 19.10.2. CPE: cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Service-monitoring Widget: versions from 19.04.0 (inclusive, >=) up to but not including (<) 19.04.3. CPE: cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
- Centreon » Centreon Service-monitoring Widget: versions from 18.10.0 (inclusive, >=) up to but not including (<) 18.10.5. CPE: cpe:2.3:a:centreon:centreon_service-monitoring_widget:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13627
- 0.13%: probability of exploitation activity in the next 30 days
- ~ 47%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13627
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2020-13627
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13627
- https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/
  Sysdream, [CVE-2020-10946] Several Cross-Site Scripting (XSS) vulnerabilities in Centreon (Exploit; Third Party Advisory)