20 matches found

Vulnrichment
added 2026/01/05 2:5 p.m. | 4 views

CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring DSM extension configuration modules allows Stored XSS to users with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...

6.8 CVSS | 5.1 AI score | 0.00016 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/01/05 1:43 p.m. | 3 views

CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...

6.8 CVSS | 5.2 AI score | 0.00016 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/01/05 12:0 a.m. | 2 views

PT-2026-1289

Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 24.04.0 through 24.04.3, Centreon Infra Monitoring versions 24.10.0 through 24.10.3, Centreon Infra Monitoring versions 25.10.0 through 25.10.2. Description: A flaw exists in Centreon Infra Monitoring Awie export...

9.8 CVSS | 7.2 AI score | 0.00092 EPSS
Exploits 0 | References 9

CVE
added 2025/12/22 10:55 a.m. | 6 views

CVE-2025-8460

Centreon Infra Monitoring (Notification rules, Open tickets module) has a stored XSS vulnerability (CVE-2025-8460). Affected versions are 23.10.0–23.10.4, 24.04.0–24.04.5, and 24.10.0–24.10.5. Root cause: improper neutralization of user input in web page generation. Remediation per linked sources...

6.8 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2025/10/27 6:31 p.m. | 4 views

EUVD-2025-36202

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

6.2 CVSS | 5 AI score | 0.0002 EPSS
Exploits 0 | References 2

CNNVD
added 2025/10/27 12:0 a.m. | 5 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...

8.4 CVSS | 6.4 AI score | 0.01026 EPSS
Exploits 0 | References 2

NVD
added 2025/10/14 6:15 p.m. | 2 views

CVE-2025-8459

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Monitoring recurrent downtime scheduler modules allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18,...

7.7 CVSS | 0.0002 EPSS
Exploits 0 | References 2

CVE
added 2025/10/14 3:7 p.m. | 8 views

CVE-2025-54891

The CVE-2025-54891 issue is an XSS vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) caused by Improper Neutralization of Input During Web Page Generation. Affected versions are Centreon Infra Monitoring 23.10.0–23.10.28, 24.04.0–24.04.18, and 24.10.0–24.10.13...

6.8 CVSS | 5.6 AI score | 0.0002 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2025/10/14 2:54 p.m. | 1 views

CVE-2025-54889 A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring SNMP traps manufacturer configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13...

6.8 CVSS | 5.1 AI score | 0.0002 EPSS
Exploits 0 | References 2

CVE
added 2025/10/14 2:22 p.m. | 9 views

CVE-2025-8428

CVE-2025-8428 is a Stored XSS in Centreon Infra Monitoring (HTTP Loader widget modules) caused by improper input neutralization during web page generation. The issue affects Centreon Infra Monitoring versions: 24.10.0–24.10.12, 24.04.0–24.04.17, and 23.10.0–23.10.27. Exploitation could allow an a...

6.8 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2025/10/14 12:0 a.m. | 1 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

6.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 0 | References 3

CNNVD
added 2025/10/14 12:0 a.m. | 1 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

7.7 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 0 | References 3

CNNVD
added 2025/10/14 12:0 a.m. | 1 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

6.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/08/26 12:0 a.m. | 2 views

PT-2025-34768 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 24.04 through 24.04.0 Mahara versions 23.04 through 23.04.5 Description: Certain conditions on the 'Current submissions' page Administration - Groups - Submissions can lead to information disclosure to an institution...

9.1 CVSS | 6.9 AI score | 0.00074 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/08/24 7:26 p.m. | 3 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2 CVSS | 7.8 AI score | 0.00075 EPSS
Exploits 0 | References 1

NVD
added 2025/08/22 7:15 p.m. | 2 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2 CVSS | 0.00075 EPSS
Exploits 0 | References 2

OSV
added 2025/08/22 6:56 p.m. | 2 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

8.8 CVSS | 7.3 AI score | 0.00047 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/08/22 6:50 p.m. | 3 views

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2 CVSS | 7 AI score | 0.00075 EPSS
Exploits 0 | References 2

CVE
added 2025/08/22 6:50 p.m. | 10 views

CVE-2025-4650

Centreon Web SQL Injection (CVE-2025-4650) affects Centreon Web via the Meta Service indicator page. The root cause is improper neutralization of special elements in an SQL command, enabling a high-privilege attacker to perform a SQLi without user interaction. Affected versions include web 23.10....

7.2 CVSS | 7.1 AI score | 0.00075 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2025/08/22 12:0 a.m. | 3 views

PT-2025-34480 · Web · Web

Name of the Vulnerable Software and Affected Versions: web versions 23.10.0 through 23.10.26 web versions 24.04.0 through 24.04.16 web versions 24.10.0 through 24.10.9 Description: A user with high privileges can inject SQL commands through the Meta Service indicator page due to improper...

7.2 CVSS | 8 AI score | 0.00075 EPSS
Exploits 0 | References 6