CVE-2023-51633

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-79
View all →

Vulnerability Description

Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731.

Related Vulnerabilities

CVE-2016-8719

HIGH
CVSS:7.5(High)

An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multip...

CWE-792016

CVE-2018-12319

HIGH
CVSS:7.5(High)

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.

CWE-792018

CVE-2018-3740

HIGH
CVSS:7.5(High)

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

CWE-792018

CVE-2018-6010

HIGH
CVSS:7.5(High)

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Relat...

CWE-792018

CVE-2019-15816

HIGH
CVSS:7.5(High)

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

CWE-792019

CVE-2019-17214

HIGH
CVSS:7.5(High)

The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.

CWE-792019