Marcelo Queiroz

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 25.10.0 through 25.10.1 Centreon Infra Monitoring versions 24.10.0 through 24.10.14 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 **Description** A flaw exists in Centreon Infra Monitoring related to improper input neutralization during web page generation, specifically a Stored Cross-Site Scripting (XSS) issue. This impacts the Hosts configuration form modules and allows for malicious script injection. The issue affects users with high privileges. **Recommendations** Update Centreon Infra Monitoring to version 25.10.2 or later. Update Centreon Infra Monitoring to version 24.10.15 or later. Update Centreon Infra Monitoring to version 24.04.19 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 25.10.0 through 25.10.0 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 24.04.0 through 24.04.7 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks targeting users with elevated privileges within the Centreon Infra Monitoring system. The issue is located in the DSM extension configuration modules. **Recommendations** Update Centreon Infra Monitoring to version 25.10.1 or later. Update Centreon Infra Monitoring to version 24.10.4 or later. Update Centreon Infra Monitoring to version 24.04.8 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring - Open-tickets versions 23.10.0 through 23.10.4 Centreon Infra Monitoring - Open-tickets versions 24.04.0 through 24.04.5 Centreon Infra Monitoring - Open-tickets versions 24.10.0 through 24.10.5 **Description** A flaw exists in Centreon Infra Monitoring - Open-tickets related to the improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. This impacts the Notification rules configuration parameters and Open tickets modules. Successful exploitation could allow a user with elevated privileges to inject malicious SQL code. **Recommendations** Update Centreon Infra Monitoring - Open-tickets to version 23.10.5 or later. Update Centreon Infra Monitoring - Open-tickets to version 24.04.5 or later. Update Centreon Infra Monitoring - Open-tickets to version 24.10.5 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.29 Centreon Infra Monitoring versions 24.04.0 through 24.04.19 Centreon Infra Monitoring versions 24.10.0 through 24.10.15 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition. This impacts the Hostgroup configuration page and can be exploited by users with elevated privileges. Stored XSS occurs when malicious scripts are injected into a website and stored on the server, allowing them to be executed whenever a user visits the affected page. **Recommendations** Update Centreon Infra Monitoring to version 23.10.29 or later. Update Centreon Infra Monitoring to version 24.04.19 or later. Update Centreon Infra Monitoring to version 24.10.15 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.4 Centreon Infra Monitoring versions 24.04.0 through 24.04.5 Centreon Infra Monitoring versions 24.10.0 through 24.10.5 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition. This allows users with elevated privileges to execute malicious scripts. The issue is located within the Notification rules and Open tickets module. **Recommendations** Update Centreon Infra Monitoring versions 23.10.0 through 23.10.4 to version 23.10.5 or later. Update Centreon Infra Monitoring versions 24.04.0 through 24.04.5 to version 24.04.6 or later. Update Centreon Infra Monitoring versions 24.10.0 through 24.10.5 to version 24.10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.10.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Stored Cross-Site Scripting (XSS). The issue occurs via the `matricula interna` parameter in the `/educar usuario cad.php` API endpoint. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 24.10.0 through 24.10.12 Centreon Infra Monitoring versions 24.04.0 through 24.04.17 Centreon Infra Monitoring versions 23.10.0 through 23.10.27 **Description** A flaw exists in Centreon Infra Monitoring related to improper input neutralization during web page generation, potentially leading to Stored Cross-site Scripting (XSS). This issue is present in the SNMP traps manufacturer configuration modules and can be exploited by users with elevated privileges. The attack involves injecting malicious scripts into web pages, which are then stored and executed when other users access those pages. **Recommendations** Update Centreon Infra Monitoring to version 24.10.13 or later. Update Centreon Infra Monitoring to version 24.04.18 or later. Update Centreon Infra Monitoring to version 23.10.28 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 24.10.0 through 24.10.12 Centreon Infra Monitoring versions 24.04.0 through 24.04.17 Centreon Infra Monitoring versions 23.10.0 through 23.10.27 **Description** A flaw exists in Centreon Infra Monitoring’s recurrent downtime scheduler modules due to improper neutralization of user input during web page generation. This allows for Stored Cross-site Scripting (XSS). Stored XSS occurs when malicious scripts are stored on the server and executed in the context of other users’ browsers. **Recommendations** Update Centreon Infra Monitoring to version 24.10.13 or later. Update Centreon Infra Monitoring to version 24.04.18 or later. Update Centreon Infra Monitoring to version 23.10.28 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 **Description** The software contains a flaw related to improper neutralization of input during web page generation, which could lead to Cross-site Scripting (XSS). This issue exists within the ACL Resource access configuration modules and can be exploited by users with elevated privileges to inject malicious scripts. **Recommendations** Update Centreon Infra Monitoring to version 23.10.29 or later. Update Centreon Infra Monitoring to version 24.04.19 or later. Update Centreon Infra Monitoring to version 24.10.14 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 24.10.0 through 24.10.12 Centreon Infra Monitoring versions 24.04.0 through 24.04.17 Centreon Infra Monitoring versions 23.10.0 through 23.10.27 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting condition. This affects the SNMP traps group configuration modules and can be exploited by users with elevated privileges. The issue allows for the injection of malicious scripts into web pages. **Recommendations** Update Centreon Infra Monitoring to version 24.10.13 or later. Update Centreon Infra Monitoring to version 24.04.18 or later. Update Centreon Infra Monitoring to version 23.10.28 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 **Description** A flaw exists in Centreon Infra Monitoring related to improper input handling during web page generation, potentially leading to Stored Cross-site Scripting (XSS). This issue is present in the Hosts templates configuration modules and can be exploited by users with elevated privileges. **Recommendations** Update Centreon Infra Monitoring to version 23.10.28 or later. Update Centreon Infra Monitoring to version 24.04.18 or later. Update Centreon Infra Monitoring to version 24.10.13 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting (XSS). This affects the ACL Action access configuration modules. The issue allows for Stored XSS exploitation by users with elevated privileges. **Recommendations** Update Centreon Infra Monitoring to version 23.10.29 or later. Update Centreon Infra Monitoring to version 24.04.19 or later. Update Centreon Infra Monitoring to version 24.10.14 or later.

**Name of the Vulnerable Software and Affected Versions** Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 **Description** The software contains a flaw related to improper input handling during web page generation, potentially leading to Cross-site Scripting (XSS). This issue impacts the Commands Connectors configuration modules and can be exploited by users with elevated privileges to inject malicious scripts. Stored XSS is possible. **Recommendations** Update Centreon Infra Monitoring to version 23.10.29 or later. Update Centreon Infra Monitoring to version 24.04.19 or later. Update Centreon Infra Monitoring to version 24.10.14 or later.