PT-2025-20880 · Centreon · Centreon Web
Published
2025-05-13
·
Updated
2025-10-22
·
CVE-2025-4647
CVSS v3.1
8.4
High
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Centreon web versions 22.10.0 through 22.10.28
Centreon web versions 23.04.0 through 23.04.26
Centreon web versions 23.10.0 through 23.10.21
Centreon web versions 24.04.0 through 24.04.10
Centreon web versions 24.10.0 through 24.10.4
Description:
The issue affects Centreon web, allowing Reflected XSS due to improper neutralization of input during web page generation. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG, enabling cross-site scripting attacks.
Recommendations:
For Centreon web versions 22.10.0 through 22.10.28, update to version 22.10.29 or later.
For Centreon web versions 23.04.0 through 23.04.26, update to version 23.04.27 or later.
For Centreon web versions 23.10.0 through 23.10.21, update to version 23.10.22 or later.
For Centreon web versions 24.04.0 through 24.04.10, update to version 24.04.11 or later.
For Centreon web versions 24.10.0 through 24.10.4, update to version 24.10.5 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centreon Web