10 matches found
CVE-2025-54893 A user with elevated privileges can inject XSS in the Hosts templates configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts templates configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from...
CVE-2025-54893
Centreon Infra Monitoring has a Stored XSS vulnerability (Improper Neutralization of Input During Web Page Generation) in the Hosts templates configuration modules. Affected versions include 23.10.0–23.10.28, 24.04.0–24.04.18, and 24.10.0–24.10.13. Exploitation requires elevated privileges and ma...
CVE-2025-54893 A user with elevated privileges can inject XSS in the Hosts templates configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts templates configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from...
E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. Create a new template on...
CVE-2022-28864
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
SUSE CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php...
CVE-2022-36131
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page...
CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page...
Cross site scripting
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page...
Insightly: Stored XSS via LINK Name.
The LINK NAME was not properly escaped at the Templates page, leading to Stored XSS. The name was reflected in the tag, and due to lack of sanitization, the user could break out of the tag and execute the XSS...