centreon/centreon is vulnerable to local file inclusion. Lack of validation of a filename in brokerPerformance.php
allows an attacker to include a malicious file containing Javascript code on the server which was uploaded prior to the attack, potentially leading to execution of arbitrary Javascript code in a victimβs browser.