Centreon Web 2.8.36

Bugfix

• [Configuration] Non-admin users can’t create host/service

Security

• [Administration/ACL] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access

• [Administration/LDAP] XSS stored in the LDAP form

• [Authentication] Session is active longer than expected

• [Authentication] User enumeration in login page

• [Core] 4.2.3 Vulnerable handlebars.js library

• [Reporting/Dashboard/Hosts] Cross-site Scripting (XSS) Reflected