Marceloqj

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 25.10.0 through 25.10.1 Centreon Infra Monitoring versions 24.10.0 through 24.10.14 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition. This impacts users with high privileges within the Administration ACL menu configuration modules. The issue allows for the injection of malicious scripts through web page generation. **Recommendations** Update Centreon Infra Monitoring to version 25.10.2 or later. Update Centreon Infra Monitoring to version 24.10.15 or later. Update Centreon Infra Monitoring to version 24.04.19 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring centreon-awie versions 25.10.0 through 25.10.1 Centreon Infra Monitoring centreon-awie versions 24.10.0 through 24.10.2 Centreon Infra Monitoring centreon-awie versions 24.04.0 through 24.04.2 **Description** A missing authentication check for a critical function within the centreon-awie (Awie import module) of Centreon Infra Monitoring allows access to functionality that is not properly restricted by Access Control Lists (ACLs). This allows unauthorized access to certain functions. **Recommendations** Update Centreon Infra Monitoring centreon-awie to version 25.10.2 or later. Update Centreon Infra Monitoring centreon-awie to version 24.10.3 or later. Update Centreon Infra Monitoring centreon-awie to version 24.04.3 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 24.04.0 through 24.04.3 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 25.10.0 through 25.10.2 **Description** A flaw exists in Centreon Infra Monitoring (Awie export modules) that allows for SQL Injection. This issue can be exploited by an unauthenticated user. The vulnerability involves improper neutralization of special elements used in an SQL command. Exploitation could lead to full system compromise. **Recommendations** Update Centreon Infra Monitoring to version 24.04.3 or later. Update Centreon Infra Monitoring to version 24.10.3 or later. Update Centreon Infra Monitoring to version 25.10.2 or later.