VulnerableCode Package Details - pkg:composer/centreon/centreon@19.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3r3w-7vvv-kye4 Aliases: CVE-2019-16195	Cross-site Scripting Centreon allows XSS via `myAccount` alias and `name` fields.	19.4.5 Affected by 0 other vulnerabilities.
VCID-3zzf-hf31-c3ed Aliases: CVE-2020-10945 GHSA-h5qv-p378-3hhr	Information Exposure Centreon exposes Session IDs in server responses.	19.4.10 Affected by 0 other vulnerabilities. 19.10.7 Affected by 0 other vulnerabilities.
VCID-j7cg-229c-jbgs Aliases: CVE-2019-16405 GHSA-4f26-v6fr-9hmp	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.	19.4.5 Affected by 0 other vulnerabilities.
VCID-jgq5-dz44-97c4 Aliases: CVE-2019-16194 GHSA-wgjx-hm34-qgf7	SQL Injection SQL injection vulnerabilities in Centreon allow attacks via the `svc_id` parameter in `include/monitoring/status/Services/xml/makeXMLForOneService.php`.	19.4.2 Affected by 0 other vulnerabilities. 19.4.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3r3w-7vvv-kye4
Aliases:
CVE-2019-16195

Cross-site Scripting Centreon allows XSS via `myAccount` alias and `name` fields.

19.4.5
Affected by 0 other vulnerabilities.

VCID-3zzf-hf31-c3ed
Aliases:
CVE-2020-10945
GHSA-h5qv-p378-3hhr

Information Exposure Centreon exposes Session IDs in server responses.

19.4.10
Affected by 0 other vulnerabilities.

19.10.7
Affected by 0 other vulnerabilities.

VCID-j7cg-229c-jbgs
Aliases:
CVE-2019-16405
GHSA-4f26-v6fr-9hmp

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

19.4.5
Affected by 0 other vulnerabilities.

VCID-jgq5-dz44-97c4
Aliases:
CVE-2019-16194
GHSA-wgjx-hm34-qgf7

SQL Injection SQL injection vulnerabilities in Centreon allow attacks via the `svc_id` parameter in `include/monitoring/status/Services/xml/makeXMLForOneService.php`.

19.4.2
Affected by 0 other vulnerabilities.

19.4.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-08T19:48:09.367925+00:00	GHSA Importer	Affected by	VCID-3zzf-hf31-c3ed	https://github.com/advisories/GHSA-h5qv-p378-3hhr	38.6.0
2026-06-07T20:46:43.479850+00:00	GHSA Importer	Affected by	VCID-j7cg-229c-jbgs	https://github.com/advisories/GHSA-4f26-v6fr-9hmp	38.6.0
2026-06-05T21:10:58.720797+00:00	GHSA Importer	Affected by	VCID-jgq5-dz44-97c4	https://github.com/advisories/GHSA-wgjx-hm34-qgf7	38.6.0
2026-06-04T16:19:41.049191+00:00	GitLab Importer	Affected by	VCID-3r3w-7vvv-kye4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2019-16195.yml	38.6.0
2026-06-02T04:39:33.696447+00:00	GitLab Importer	Affected by	VCID-j7cg-229c-jbgs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2019-16405.yml	38.6.0