cvebase

Centreon Web vulnerabilities

57 known vulnerabilities affecting centreon/centreon_web.

Total CVEs: 57
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 27, MEDIUM 22

Vulnerabilities

Page 3 of 3
CVE-2025-8428 | P4 | MEDIUM | CVSS 5.4 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
Source: nvd
CVE-2025-4649 | P4 | MEDIUM | CVSS 4.9 | ≥ 23.04.24, < 23.04.26; ≥ 23.10.19, < 23.10.21; +2 more | 2025-05-13
CWE-755: Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page, requiring high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.
Source: nvd
CVE-2019-17105 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.8, < 2.8.27; ≥ 18.10.0, < 18.10.5 | 2019-10-08
CWE-330: The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Source: nvd
CVE-2019-17108 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.8, < 2.8.28; ≥ 18.10.0, < 18.10.5 | 2019-10-08
CWE-79: Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
Source: nvd
CVE-2025-4648 | P4 | MEDIUM | CVSS 5.9 | ≥ 22.10.0, < 22.10.29; ≥ 23.04.0, < 23.04.27; +3 more | 2025-05-13
CWE-434: The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.
Source: nvd
CVE-2018-11588 | P4 | MEDIUM | CVSS 5.4 | v2.8.23 | 2018-06-25
CWE-79: Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
Source: nvd
CVE-2025-54892 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.1
Source: nvd
CVE-2025-54889 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 befor
Source: nvd
CVE-2025-54891 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 2
Source: nvd
CVE-2025-8429 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10
Source: nvd
CVE-2025-54893 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10
Source: nvd
CVE-2025-8430 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.28; ≥ 24.04.0, < 24.04.18; +1 more | 2025-10-14
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.
Source: nvd
CVE-2025-10023 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.26; ≥ 24.04.0, < 24.04.16; +1 more | 2025-10-27
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
Source: nvd
CVE-2025-12513 | P4 | MEDIUM | CVSS 4.8 | ≥ 24.04.0, < 24.04.19; ≥ 24.10.0, < 24.10.15; +1 more | 2026-01-05
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
Source: nvd
CVE-2025-13056 | P4 | MEDIUM | CVSS 4.8 | ≥ 24.04.0, < 24.04.19; ≥ 24.10.0, < 24.10.15; +1 more | 2026-01-05
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24
Source: nvd
CVE-2025-54890 | P4 | MEDIUM | CVSS 4.8 | ≥ 23.10.0, < 23.10.29; ≥ 24.04.0, < 24.04.19; +1 more | 2025-12-22
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.
Source: nvd
CVE-2025-4647 | P4 | MEDIUM | CVSS 4.8 | ≥ 22.10.0, < 22.10.29; ≥ 23.04.0, < 23.04.27; +3 more | 2025-05-13
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 be
Source: nvd