Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-28054
CVE-2021-28054:
Centreon vulnerability analysis and mitigation
Overview
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Centreon-Web in Centreon Platform 20.10.0. The vulnerability exists in the "Configuration > Hosts" section, where remote authenticated users can inject arbitrary web script or HTML through the Alias parameter (CVE Database).
Technical details
The vulnerability is identified as a Stored Cross-Site Scripting (XSS) issue that affects the Centreon Platform version 20.10.0. The vulnerability specifically exists in the host configuration section where the Alias parameter is not properly sanitized, allowing for the injection of malicious web scripts or HTML content (CVE Database).
Impact
The vulnerability allows authenticated users to inject and store malicious scripts that can be executed when other users access the affected pages. This could lead to session hijacking, defacement, or theft of sensitive information from users who view the compromised host configurations (CVE Database).
Mitigation and workarounds
Users are advised to update to a patched version of Centreon Platform. The fix has been implemented in subsequent releases (Centreon Docs).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management