CVE-2024-47863

MEDIUM Year: 2024
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-privilege access.

Related Vulnerabilities

CVE-2020-5317

MEDIUM
CVSS:6.2(Medium)

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted appl...

CWE-792020

CVE-2020-6973

MEDIUM
CVSS:6.2(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a...

CWE-792020

CVE-2022-38802

MEDIUM
CVSS:6.2(Medium)

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can re...

CWE-792022

CVE-2024-36064

MEDIUM
CVSS:6.2(Medium)

The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interac...

CWE-792024

CVE-2025-24027

MEDIUM
CVSS:6.2(Medium)

ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh...

CWE-792025

CVE-2018-15641

MEDIUM
CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018