VYPR
Moderate severity · NVD Advisory · Published Nov 14, 2018 · Updated Aug 5, 2024

CVE-2018-19280

Description

Centreon 3.4.x allows stored XSS via poller macro resource name or expression, fixed in 18.10.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Centreon 3.4.x (all versions prior to 18.10.0) contains a stored cross-site scripting (XSS) vulnerability in the poller macro configuration. An attacker can inject arbitrary JavaScript or HTML into the resource name or macro expression fields when creating or editing a poller macro. The injected payload is stored and later executed in the browser of any user who views the poller macro list, as the output is not sanitized before rendering. The fix was introduced in Centreon Web 18.10.0 [1][2].

Exploitation

The attacker must have authenticated access to Centreon (at least with privileges to configure pollers or macros) and reach the poller macro creation or editing interface. By supplying a script or HTML payload in the resource name or macro expression field, the input is stored without proper filtering. Any user who subsequently navigates to the poller macro administration page triggers the payload in their browser session. No user interaction beyond page load is required for the XSS to fire [1][4].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, credential theft, or forced actions (such as modifying configurations) on behalf of the victim. Since Centreon manages critical monitoring infrastructure, an XSS attack could undermine the integrity and confidentiality of the monitoring system [1][4].

Mitigation

The vulnerability is fixed in Centreon Web 18.10.0, released on November 2, 2018 [2]. Users running Centreon 3.4.x should upgrade to 18.10.0 or later. The fix adds input validation and output encoding on the resource name and macro expression fields [4]. No workaround is documented; upgrading is the recommended action. The affected versions are now end-of-life and no longer receive security updates [3].
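To illustrate the two halves of the fix described above (input validation on the resource name, output encoding on both fields), here is an added Python example; it is not Centreon's code, and the `$NAME$` allowlist pattern for resource names is an assumed policy for the example, not the project's own rule.

```python
# Added example, not Centreon's code: an unescaped render of the poller
# macro list next to a hardened render that validates the resource name
# and HTML-encodes every field before it reaches the page.
import html
import re

# Assumed allowlist for macro resource names (Centreon-style $NAME$ tokens).
# This policy is an assumption for the example, not the project's rule.
RESOURCE_NAME_RE = re.compile(r"^\$[A-Z0-9_]{1,64}\$$")

# Constructed sample records: a benign macro, a valid name carrying a
# script payload in the expression, and a tag smuggled into the name.
MACROS = [
    {"name": "$USER1$", "expression": "/usr/lib/nagios/plugins"},
    {"name": "$USER2$", "expression": "<script>alert(1)</script>"},
    {"name": "<b>evil</b>", "expression": "x"},
]

def render_row_unsafe(macro):
    """Vulnerable pattern: fields are concatenated straight into markup."""
    return f"<tr><td>{macro['name']}</td><td>{macro['expression']}</td></tr>"

def validate_resource_name(name):
    """Input validation: accept only the allowlisted token form."""
    return bool(RESOURCE_NAME_RE.match(name))

def render_row_safe(macro):
    """Hardened pattern: validate on input, encode on output.
    quote=True also escapes quotes, so values stay safe inside attributes."""
    if not validate_resource_name(macro["name"]):
        raise ValueError(f"invalid macro resource name: {macro['name']!r}")
    name = html.escape(macro["name"], quote=True)
    expr = html.escape(macro["expression"], quote=True)
    return f"<tr><td>{name}</td><td>{expr}</td></tr>"

def render_table(macros, renderer):
    """Render the list; rejected names become an encoded error row
    instead of being echoed back into the page."""
    rows = []
    for m in macros:
        try:
            rows.append(renderer(m))
        except ValueError as e:
            rows.append(f"<tr><td colspan='2'>{html.escape(str(e))}</td></tr>")
    return "<table>" + "".join(rows) + "</table>"

if __name__ == "__main__":
    print(render_table(MACROS, render_row_unsafe))
    print(render_table(MACROS, render_row_safe))
```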

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: centreon/centreon (Packagist)
Affected versions: >= 3.4.0, < 18.10.0
Patched versions: 18.10.0

Affected products: 1

Patches: 0 (no patches discovered yet)

References: 5

News mentions: 0