centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.
https://www.centreon.com
GNU General Public License v2.0

Cross-site Scripting Issue #6581

Closed zskarman closed 4 years ago

zskarman commented 6 years ago

Hi Team,

Could you please fix the following cross-site scripting issue?

The value of the limit request parameter is copied into an HTML comment. The payload rdbvr--><script>alert(1)</script>do1x6 was submitted in the limit parameter:

GET /centreon/include/monitoring/status/Services/xml/serviceXML.php?&search=&search_host=&search_output=&num=0&limit=30rdbvr--%3e%3cscript%3ealert(1)%3c%2fscript%3edo1x6&sort_type=host_name&order=ASC&date_time_format_status=Y/m/d%20H:i:s&o=svc_unhandled&p=20201&host_name=&nc=0&criticality=0&statusService=svc_unhandled&statusFilter=&sSetOrderInMemory=1 HTTP/1.1


Regards, Zsolt
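The bug class in the report, a query parameter echoed verbatim into an XML comment, next to the validation that closes it, as an added example that is not Centreon's code and not the fix referenced below. The function names, the minimal `<reponse>` XML shape and the limit range are assumptions; the probe value is the decoded limit value from the request above. It assumes PHP 8 for str_contains().

```php
<?php
// Added example (not Centreon's code): an untrusted "limit" query parameter
// written into an XML comment, beside a hardened version that validates the
// value as a bounded integer. Function names and the <reponse> XML shape are
// assumptions, not the real serviceXML.php output.

declare(strict_types=1);

// Vulnerable: the raw limit value is interpolated into a comment. A value
// such as  30rdbvr--><script>alert(1)</script>do1x6  ends the comment at
// its "-->", so everything after it is parsed as markup, not comment text.
function renderVulnerable(array $query): string
{
    $limit = $query['limit'] ?? '30';
    return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
         . "<!-- limit=$limit -->\n"
         . "<reponse><i><limit>$limit</limit></i></reponse>\n";
}

// Hardened: limit is a row count, so validate it as an integer in range
// before it reaches any output; anything else falls back to the default.
// Escaping with htmlspecialchars() is not the right tool here: it turns
// "-->" into "--&gt;" and so stops the breakout, but "--" is not allowed
// inside an XML comment, so the response would still be malformed XML.
function renderHardened(array $query): string
{
    $limit = filter_var($query['limit'] ?? 30, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000, 'default' => 30],
    ]);
    return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
         . "<!-- limit=$limit -->\n"
         . "<reponse><i><limit>$limit</limit></i></reponse>\n";
}

// Check: does the body still parse as one well-formed XML document?
// The broken comment leaves a <script> element in front of <reponse>,
// which libxml rejects; the hardened body parses cleanly.
function isWellFormed(string $xml): bool
{
    $previous = libxml_use_internal_errors(true);
    $ok = simplexml_load_string($xml) !== false;
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Constructed probe: the decoded limit value from the report's request.
$probe = ['limit' => '30rdbvr--><script>alert(1)</script>do1x6'];

foreach (['vulnerable' => renderVulnerable($probe),
          'hardened'   => renderHardened($probe)] as $name => $body) {
    printf("%s: well-formed=%s script-tag-present=%s\n%s\n",
        $name,
        isWellFormed($body) ? 'yes' : 'no',
        str_contains($body, '<script>') ? 'yes' : 'no',
        $body);
}
```

Running the script shows the vulnerable body failing to parse with the `<script>` element present, and the hardened body parsing with `limit=30` in both the comment and the element. The point of the design choice is that a numeric parameter should never be reflected as text at all; type validation removes the sink rather than trying to escape for a context (an XML comment) where escaping cannot produce well-formed output.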

lpinsivy commented 4 years ago

should be fixed by #8291