Centreon: >> Centreon Web >> 22.10.25 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-05-13
The content of a SVG file, received as input
in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-05-13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.
A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.
This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-04-24