UBUNTU-CVE-2020-13628

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-13628

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13628.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-13628

Upstream

CVE-2020-13628

Published

2020-05-27T16:15:00Z

Modified

2025-10-24T04:48:30Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

References

Affected packages

Ubuntu:20.04:LTS / centreon-engine

Package

Name: centreon-engine
Purl: pkg:deb/ubuntu/centreon-engine@19.10.8-1build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.10.0-4

19.*

19.10.8-1

19.10.8-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "19.10.8-1build1",
            "binary_name": "centreon-engine"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13628.json"