CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring DSM extenstio configuration modules allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...

CVE-2025-8460

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...

EUVD-2025-204710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...

Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...

CVE-2025-10023

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

CVE-2025-10023 A user with elevated privileges can inject XSS in the Services Meta-services configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

PT-2025-43967

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 23.10.0 through 23.10.26 Centreon Infra Monitoring versions 24.04.0 through 24.04.16 Centreon Infra Monitoring versions 24.10.0 through 24.10.9 Description The software contains an Improper Neutralization of...

CVE-2025-54893 A user with elevated privileges can inject XSS in the Hosts templates configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Hosts templates configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from...

CVE-2025-54892

Centreon CVE-2025-54892 is a stored XSS in the Centreon Infra Monitoring SNMP traps group configuration module. The issue arises from improper input neutralization during web page generation, allowing a user with elevated privileges to inject scripts. Affected versions include 24.10.0–24.10.12, 2...

CVE-2025-54889

Centreon Infra Monitoring is affected by CVE-2025-54889, a Stored XSS flaw in the SNMP traps manufacturer configuration pages. Affected versions are 24.10.0–24.10.12, 24.04.0–24.04.17, and 23.10.0–23.10.27. The issue stems from improper input neutralization during web page generation, allowing us...

PT-2025-42159

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Commands Connectors configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, fr...

EUVD-2025-24207

Malicious code in bioql PyPI...

WordPress plugin Ivory Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Centreon SQL注入漏洞

Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in versions of Centreon Web prior to 24.10.3, which originates from an...

SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

WordPress plugin Business Card 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVE-2024-6435

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...

PT-2024-37624 · Rockwell Automation · Pavilion8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A privilege escalation issue exists in the affected products, allowing a malicious user with basic privileges to access functions that should only be...

WordPress Plugin Chart.js for WordPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

SAP Application Interface Framework Code Injection Vulnerability

SAP Application Interface Framework SAP AIF is an application interface framework from SAP. A code injection vulnerability exists in the SAP Application Interface Framework File Adapter, which can be exploited to allow an elevated privilege user to traverse layers and directly execute operating...