Resync 12 06

[sc979]

Resync 12 06

[github-actions]

Checkmarx One – Scan Summary & Details – 7791fdb3-4ebf-4276-bc88-aff5f9334490

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Absolute_Path_Traversal	/www/include/configuration/configObject/connector/connector.php: 48	Attack Vector
	Absolute_Path_Traversal	/www/include/home/customViews/rename.php: 74	Attack Vector
	CVE-2021-3807	Npm-ansi-regex-2.1.1	Vulnerable Package
	CVE-2021-43138	Npm-async-1.5.2	Vulnerable Package
	CVE-2024-0637	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-21538	Npm-cross-spawn-5.1.0	Vulnerable Package
	CVE-2024-21538	Npm-cross-spawn-7.0.3	Vulnerable Package
	CVE-2024-23115	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-23116	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-23117	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-23118	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-23119	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-32501	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-33853	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-33854	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-39841	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-39842	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-40643	Npm-htmlparser2-3.10.1	Vulnerable Package
	CVE-2024-45801	Npm-dompurify-2.4.0	Vulnerable Package
	CVE-2024-47875	Npm-dompurify-2.4.0	Vulnerable Package
	CVE-2024-48910	Npm-dompurify-2.4.0	Vulnerable Package
	CVE-2024-51736	Php-symfony/process-v7.1.5	Vulnerable Package
	CVE-2024-5723	Php-centreon/centreon-22.10.2	Vulnerable Package
	CVE-2024-5725	Php-centreon/centreon-22.10.2	Vulnerable Package
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 348	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 348	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 348	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 320	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 320	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 320	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 293	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 293	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 293	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 375	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configGenerate/formGenerateFiles.php: 375	Attack Vector
	Client_DOM_Stored_XSS	/www/include/views/graphs/graphs.html: 298	Attack Vector
	Client_DOM_Stored_XSS	/www/include/eventLogs/viewLog.php: 802	Attack Vector
	Client_DOM_Stored_XSS	/www/include/eventLogs/viewLog.php: 766	Attack Vector
	Client_DOM_Stored_XSS	/www/include/configuration/configServers/formServers.php: 501	Attack Vector
	Client_DOM_Stored_XSS	/www/include/home/customViews/widgetParam.html: 106	Attack Vector
	Client_DOM_Stored_XSS	/www/include/common/javascript/centreon/notifier.js: 84	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/hostgroup-monitoring/data.js: 45	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/servicegroup-monitoring/data.js: 45	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/service-monitoring/data.js: 41	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/host-monitoring/data.js: 41	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/tactical-overview/src/data_js.js: 9	Attack Vector
	Client_DOM_Stored_XSS	/www/widgets/grid-map/src/data_js.js: 7	Attack Vector
	Client_DOM_XSS	/www/include/views/graphs/graphs.html: 435	Attack Vector
	Client_DOM_XSS	/www/front_src/src/route-components/legacyRoute/index.tsx: 84	Attack Vector
	Cx89601373-08db	Npm-debug-3.2.7	Vulnerable Package
	Cx89601373-08db	Npm-debug-2.6.9	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-4.3.4	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-4.3.7	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-4.3.5	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-2.6.9	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-3.2.7	Vulnerable Package
	Cxdca8e59f-8bfe	Npm-inflight-1.0.6	Vulnerable Package
	Deserialization_of_Untrusted_Data	/src/CentreonRemote/Application/Clapi/CentreonWorker.php: 79	Attack Vector
	Passwords And Secrets - Generic Password	/services.yaml: 16	Query to find passwords and secrets in infrastructure code.
	Passwords And Secrets - Generic Token	/centreon-api.yaml: 245	Query to find passwords and secrets in infrastructure code.
	Passwords And Secrets - Generic Token	/centreon-api.yaml: 25	Query to find passwords and secrets in infrastructure code.
	Passwords And Secrets - Generic Token	/centreon-api.yaml: 119	Query to find passwords and secrets in infrastructure code.
	Passwords And Secrets - Generic Token	/centreon-api.yaml: 82	Query to find passwords and secrets in infrastructure code.
	Reflected_XSS	/www/include/monitoring/objectDetails/hostDetails.php: 92	Attack Vector
	Reflected_XSS	/www/include/monitoring/objectDetails/hostDetails.php: 92	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 468	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 468	Attack Vector
	Reflected_XSS	/www/include/monitoring/objectDetails/hostDetails.php: 87	Attack Vector
	Reflected_XSS	/www/include/monitoring/objectDetails/hostDetails.php: 87	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 471	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 471	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 470	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 470	Attack Vector
	Reflected_XSS	/www/main.get.php: 62	Attack Vector
	Reflected_XSS	/www/main.get.php: 49	Attack Vector
	Reflected_XSS	/www/include/configuration/configObject/timeperiod/DB-Func.php: 455	Attack Vector
	Reflected_XSS	/www/include/configuration/configObject/timeperiod/DB-Func.php: 538	Attack Vector
	Reflected_XSS	/www/include/configuration/configObject/timeperiod/DB-Func.php: 598	Attack Vector
	Reflected_XSS	/www/class/centreonConfigCentreonBroker.php: 1674	Attack Vector
	Reflected_XSS	/www/include/configuration/configObject/host/DB-Func.php: 2937	Attack Vector
	Reflected_XSS	/www/main.get.php: 61	Attack Vector
	Reflected_XSS	/www/main.get.php: 60	Attack Vector
	Reflected_XSS	/www/main.get.php: 59	Attack Vector
	Reflected_XSS	/www/main.get.php: 58	Attack Vector
	Reflected_XSS	/www/main.get.php: 71	Attack Vector
	Reflected_XSS	/www/main.get.php: 70	Attack Vector
	Reflected_XSS	/www/main.get.php: 69	Attack Vector
	Reflected_XSS	/www/main.get.php: 68	Attack Vector
	Reflected_XSS	/www/main.get.php: 67	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 68	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 68	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 65	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 65	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 63	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 63	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 61	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 61	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 58	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 58	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 56	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 56	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 54	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 54	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 52	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 52	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 49	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 49	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 47	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 47	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 46	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 46	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 44	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 44	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 42	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 42	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 41	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 41	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 102	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 102	Attack Vector
	Reflected_XSS	/www/include/monitoring/status/Services/service.php: 99

More results are available on AST platform