Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/15 10:10 a.m.24 views

CVE-2025-4648

Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...

8.4CVSS6.5AI score0.00224EPSS
Exploits0References4
NVD
NVD
added 2025/05/13 10:15 a.m.46 views

CVE-2025-4648

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2025/05/13 9:45 a.m.49 views

CVE-2025-4648

Centreon web is affected by a reflected XSS vulnerability (CVE-2025-4648) where the content of an uploaded SVG file is not properly validated. A user with elevated privileges can inject JavaScript by altering a SVG media during submission. Affected versions include Centreon web 22.10.0–22.10.29, ...

8.4CVSS6.3AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/13 9:45 a.m.44 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 9:45 a.m.10 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS6.3AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 9:45 a.m.13 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS6.6AI score0.00224EPSS
Exploits0References4
Rows per page
Query Builder