{"url":"http://public2.vulnerablecode.io/api/packages/57431?format=json","purl":"pkg:composer/centreon/centreon@20.10.0","type":"composer","namespace":"centreon","name":"centreon","version":"20.10.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20.10.1","latest_non_vulnerable_version":"22.10.15","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13892?format=json","vulnerability_id":"VCID-8su4-abzq-23e1","summary":"SQL Injection\nA SQL injection vulnerability in reporting export in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37556","reference_id":"","reference_type":"","scores":[{"value":"0.34327","scoring_system":"epss","scoring_elements":"0.9707","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37556"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37556","reference_id":"CVE-2021-37556","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57586?format=json","purl":"pkg:composer/centreon/centreon@20.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57587?format=json","purl":"pkg:composer/centreon/centreon@21.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.2"}],"aliases":["CVE-2021-37556"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8su4-abzq-23e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13840?format=json","vulnerability_id":"VCID-9fs6-bk2g-z3dg","summary":"SQL Injection\nAn issue was discovered in Centreon-Web in Centreon Platform A SQL injection vulnerability in \"Configuration > Users > Contacts / Users\" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28053","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52856","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28053"},{"reference_url":"https://docs.centreon.com/current/en/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.centreon.com/current/en/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28053","reference_id":"CVE-2021-28053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28053"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57432?format=json","purl":"pkg:composer/centreon/centreon@20.10.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.1"}],"aliases":["CVE-2021-28053"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fs6-bk2g-z3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13841?format=json","vulnerability_id":"VCID-rzam-xkp2-uyaf","summary":"Cross-site Scripting\nAn issue was discovered in Centreon-Web in Centreon Platform A Stored Cross-Site Scripting (XSS) issue in \"Configuration > Hosts\" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28054","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20789","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28054"},{"reference_url":"https://docs.centreon.com/current/en/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.centreon.com/current/en/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28054","reference_id":"CVE-2021-28054","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28054"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57432?format=json","purl":"pkg:composer/centreon/centreon@20.10.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.1"}],"aliases":["CVE-2021-28054"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzam-xkp2-uyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13886?format=json","vulnerability_id":"VCID-whbv-zhmu-pya3","summary":"SQL Injection\nA SQL injection vulnerability in image generation in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37557","reference_id":"","reference_type":"","scores":[{"value":"0.34327","scoring_system":"epss","scoring_elements":"0.9707","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37557"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37557","reference_id":"CVE-2021-37557","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37557"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57586?format=json","purl":"pkg:composer/centreon/centreon@20.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57587?format=json","purl":"pkg:composer/centreon/centreon@21.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.2"}],"aliases":["CVE-2021-37557"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whbv-zhmu-pya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13888?format=json","vulnerability_id":"VCID-zku7-zjat-eff9","summary":"SQL Injection\nA SQL injection vulnerability in a MediaWiki script in Centreon allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37558","reference_id":"","reference_type":"","scores":[{"value":"0.02059","scoring_system":"epss","scoring_elements":"0.84191","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37558"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37558","reference_id":"CVE-2021-37558","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37558"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57586?format=json","purl":"pkg:composer/centreon/centreon@20.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57587?format=json","purl":"pkg:composer/centreon/centreon@21.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@21.4.2"}],"aliases":["CVE-2021-37558"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zku7-zjat-eff9"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/centreon/centreon@20.10.0"}