Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Metrics
Affected Vendors & Products
References
History
Wed, 22 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Centreon
Centreon centreon Web |
|
CPEs | cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:* | |
Vendors & Products |
Centreon
Centreon centreon Web |
Tue, 13 May 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 13 May 2025 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. | |
Title | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Centreon
Published: 2025-05-13T09:31:17.529Z
Updated: 2025-05-13T13:08:24.128Z
Reserved: 2025-05-13T09:25:32.395Z
Link: CVE-2025-4647

Updated: 2025-05-13T13:08:20.241Z

Status : Analyzed
Published: 2025-05-13T10:15:29.317
Modified: 2025-10-22T14:13:18.460
Link: CVE-2025-4647

No data.