CVE-2018-19311
Description
Centreon 3.4.x before 18.10.0 contains a stored XSS vulnerability in the Service field of the Monitoring > Status Details > Services page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Centreon versions 3.4.x (prior to 18.10.0) are vulnerable to a stored cross-site scripting (XSS) attack via the Service field on the "Monitoring > Status Details > Services" screen, accessed through the main.php?p=20201 URI [1]. The vulnerability allows arbitrary JavaScript injection into the Service parameter, which is then rendered without proper sanitization.
Exploitation
An authenticated attacker with permission to access the Monitoring > Status Details > Services page can craft a malicious Service value containing JavaScript payloads. When the page is loaded and the injected service data is processed, the script executes in the context of the victim's browser. The attack does not require elevated privileges beyond standard monitoring access.
Impact
Successful exploitation could lead to account hijacking, unauthorized actions performed under the victim's session, disclosure of sensitive monitoring data, or further compromise within the Centreon environment.
Mitigation
The vulnerability is fixed in Centreon 18.10.0 [2][3]. Users running Centreon 3.4.x should upgrade to version 18.10.0 or later. No workarounds are documented.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| centreon/centreon (Packagist) | >= 18.0.0, < 18.10.0 | 18.10.0 |
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (7)
- github.com/advisories/GHSA-8vh5-j6xj-5953 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-19311 (ghsa, ADVISORY)
- www.roothc.com.br/1349-2 (ghsa, WEB)
- www.roothc.com.br/1349-2/ (mitre, x_refsource_MISC)
- documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html (ghsa, x_refsource_CONFIRM, WEB)
- github.com/centreon/centreon-archived/pull/6632 (ghsa, WEB)
- github.com/centreon/centreon/pull/6632 (mitre, x_refsource_CONFIRM)