Headline
CVE-2022-39988: Centreon 22.04.0 Cross Site Scripting ≈ Packet Storm
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
# Exploit Title: Stored XSS in service_alias parameter in Centreon version 22.04.0# Date: 1/10/2022# Exploit Author: syad# Vendor Homepage: Centreon# Software Link: https://download.centreon.com/# Version: 22.04.0# CVE ID : CVE-2022-39988# Tested on: Centos 7Centreon 22.04.0 is vulnerable to Stored Cross Site Scripting (XSS) from the function Service -> Templates -> by adding a crafted payloadinto the service_alias parameter.go to this endpoint -> /centreon/main.get.php?p=60206 -> Service -> Templates -> Click Button "Add" and put the crafted payload below on section "Alias" and savepayload --> test"><body onload=prompt('XSS-STORED')>Related news
Centreon 22.04.0 Cross Site Scripting
Centreon version 22.04.0 suffers from a persistent cross site scripting vulnerability.