Vulnerability Details CVE-2025-4648
The content of a SVG file, received as input
in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.2%
CVSS Severity
CVSS v3 Score 8.4
References
Products affected by CVE-2025-4648
-
cpe:2.3:a:centreon:centreon_web:22.10.0
-
cpe:2.3:a:centreon:centreon_web:22.10.10
-
cpe:2.3:a:centreon:centreon_web:22.10.11
-
cpe:2.3:a:centreon:centreon_web:22.10.12
-
cpe:2.3:a:centreon:centreon_web:22.10.13
-
cpe:2.3:a:centreon:centreon_web:22.10.14
-
cpe:2.3:a:centreon:centreon_web:22.10.15
-
cpe:2.3:a:centreon:centreon_web:22.10.16
-
cpe:2.3:a:centreon:centreon_web:22.10.17
-
cpe:2.3:a:centreon:centreon_web:22.10.18
-
cpe:2.3:a:centreon:centreon_web:22.10.19
-
cpe:2.3:a:centreon:centreon_web:22.10.2
-
cpe:2.3:a:centreon:centreon_web:22.10.20
-
cpe:2.3:a:centreon:centreon_web:22.10.21
-
cpe:2.3:a:centreon:centreon_web:22.10.22
-
cpe:2.3:a:centreon:centreon_web:22.10.23
-
cpe:2.3:a:centreon:centreon_web:22.10.24
-
cpe:2.3:a:centreon:centreon_web:22.10.25
-
cpe:2.3:a:centreon:centreon_web:22.10.26
-
cpe:2.3:a:centreon:centreon_web:22.10.27
-
cpe:2.3:a:centreon:centreon_web:22.10.28
-
cpe:2.3:a:centreon:centreon_web:22.10.3
-
cpe:2.3:a:centreon:centreon_web:22.10.4
-
cpe:2.3:a:centreon:centreon_web:22.10.5
-
cpe:2.3:a:centreon:centreon_web:22.10.6
-
cpe:2.3:a:centreon:centreon_web:22.10.7
-
cpe:2.3:a:centreon:centreon_web:22.10.8
-
cpe:2.3:a:centreon:centreon_web:22.10.9
-
cpe:2.3:a:centreon:centreon_web:23.04.0
-
cpe:2.3:a:centreon:centreon_web:23.04.1
-
cpe:2.3:a:centreon:centreon_web:23.04.10
-
cpe:2.3:a:centreon:centreon_web:23.04.11
-
cpe:2.3:a:centreon:centreon_web:23.04.12
-
cpe:2.3:a:centreon:centreon_web:23.04.13
-
cpe:2.3:a:centreon:centreon_web:23.04.14
-
cpe:2.3:a:centreon:centreon_web:23.04.15
-
cpe:2.3:a:centreon:centreon_web:23.04.16
-
cpe:2.3:a:centreon:centreon_web:23.04.19
-
cpe:2.3:a:centreon:centreon_web:23.04.2
-
cpe:2.3:a:centreon:centreon_web:23.04.20
-
cpe:2.3:a:centreon:centreon_web:23.04.21
-
cpe:2.3:a:centreon:centreon_web:23.04.22
-
cpe:2.3:a:centreon:centreon_web:23.04.23
-
cpe:2.3:a:centreon:centreon_web:23.04.24
-
cpe:2.3:a:centreon:centreon_web:23.04.25
-
cpe:2.3:a:centreon:centreon_web:23.04.26
-
cpe:2.3:a:centreon:centreon_web:23.04.3
-
cpe:2.3:a:centreon:centreon_web:23.04.4
-
cpe:2.3:a:centreon:centreon_web:23.04.5
-
cpe:2.3:a:centreon:centreon_web:23.04.6
-
cpe:2.3:a:centreon:centreon_web:23.04.7
-
cpe:2.3:a:centreon:centreon_web:23.04.8
-
cpe:2.3:a:centreon:centreon_web:23.04.9
-
cpe:2.3:a:centreon:centreon_web:23.10.0
-
cpe:2.3:a:centreon:centreon_web:23.10.1
-
cpe:2.3:a:centreon:centreon_web:23.10.10
-
cpe:2.3:a:centreon:centreon_web:23.10.11
-
cpe:2.3:a:centreon:centreon_web:23.10.12
-
cpe:2.3:a:centreon:centreon_web:23.10.13
-
cpe:2.3:a:centreon:centreon_web:23.10.14
-
cpe:2.3:a:centreon:centreon_web:23.10.15
-
cpe:2.3:a:centreon:centreon_web:23.10.16
-
cpe:2.3:a:centreon:centreon_web:23.10.17
-
cpe:2.3:a:centreon:centreon_web:23.10.18
-
cpe:2.3:a:centreon:centreon_web:23.10.19
-
cpe:2.3:a:centreon:centreon_web:23.10.2
-
cpe:2.3:a:centreon:centreon_web:23.10.20
-
cpe:2.3:a:centreon:centreon_web:23.10.21
-
cpe:2.3:a:centreon:centreon_web:23.10.3
-
cpe:2.3:a:centreon:centreon_web:23.10.4
-
cpe:2.3:a:centreon:centreon_web:23.10.5
-
cpe:2.3:a:centreon:centreon_web:23.10.6
-
cpe:2.3:a:centreon:centreon_web:23.10.7
-
cpe:2.3:a:centreon:centreon_web:23.10.8
-
cpe:2.3:a:centreon:centreon_web:23.10.9
-
cpe:2.3:a:centreon:centreon_web:24.04.0
-
cpe:2.3:a:centreon:centreon_web:24.04.1
-
cpe:2.3:a:centreon:centreon_web:24.04.10
-
cpe:2.3:a:centreon:centreon_web:24.04.2
-
cpe:2.3:a:centreon:centreon_web:24.04.3
-
cpe:2.3:a:centreon:centreon_web:24.04.4
-
cpe:2.3:a:centreon:centreon_web:24.04.5
-
cpe:2.3:a:centreon:centreon_web:24.04.6
-
cpe:2.3:a:centreon:centreon_web:24.04.7
-
cpe:2.3:a:centreon:centreon_web:24.04.8
-
cpe:2.3:a:centreon:centreon_web:24.04.9
-
cpe:2.3:a:centreon:centreon_web:24.10.0
-
cpe:2.3:a:centreon:centreon_web:24.10.1
-
cpe:2.3:a:centreon:centreon_web:24.10.2
-
cpe:2.3:a:centreon:centreon_web:24.10.3
-
cpe:2.3:a:centreon:centreon_web:24.10.4