Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

History

Tue, 21 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Centreon centreon Web
CPEs cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*
Vendors & Products Centreon centreon Web

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Centreon
Centreon centreon
Vendors & Products Centreon
Centreon centreon

Wed, 15 Oct 2025 13:30:00 +0000


Tue, 14 Oct 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
Title A user with elevated privileges can inject XSS in the ACL Resource Access configuration page
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Centreon

Published: 2025-10-14T15:07:01.145Z

Updated: 2025-10-15T13:12:10.485Z

Reserved: 2025-07-31T18:22:28.420Z

Link: CVE-2025-54891

Vulnrichment

Updated: 2025-10-14T16:06:32.547Z

NVD

Status: Analyzed

Published: 2025-10-14T15:16:10.077

Modified: 2025-10-21T19:40:51.233

Link: CVE-2025-54891

Redhat

No data.