Centreon

Centreon Web

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-54893

  • EPSS 0.01%
  • Veröffentlicht 14.10.2025 15:24:24
  • Zuletzt bearbeitet 22.10.2025 14:09:19

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects...

4.8

CVE-2025-54891

  • EPSS 0.01%
  • Veröffentlicht 14.10.2025 15:16:10
  • Zuletzt bearbeitet 21.10.2025 19:40:51

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affe...

4.8

CVE-2025-54892

  • EPSS 0.01%
  • Veröffentlicht 14.10.2025 14:59:10
  • Zuletzt bearbeitet 22.10.2025 14:08:08

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects...

4.8

CVE-2025-54889

  • EPSS 0.01%
  • Veröffentlicht 14.10.2025 14:54:31
  • Zuletzt bearbeitet 21.10.2025 19:42:19

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue af...

7.2

CVE-2025-5946

  • EPSS 24.09%
  • Veröffentlicht 14.10.2025 14:29:00
  • Zuletzt bearbeitet 22.10.2025 14:08:29

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a use...

5.4

CVE-2025-8428

  • EPSS 0.01%
  • Veröffentlicht 14.10.2025 14:22:03
  • Zuletzt bearbeitet 22.10.2025 14:08:48

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, f...

8.8

CVE-2025-6791

  • EPSS 0.03%
  • Veröffentlicht 22.08.2025 18:56:28
  • Zuletzt bearbeitet 22.10.2025 14:06:29

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monito...

7.2

CVE-2025-4650

  • EPSS 0.04%
  • Veröffentlicht 22.08.2025 18:50:42
  • Zuletzt bearbeitet 22.10.2025 14:05:53

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.0...

7.2

CVE-2025-5945

  • EPSS -
  • Veröffentlicht 10.06.2025 07:31:04
  • Zuletzt bearbeitet 10.06.2025 09:15:25

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

4.9

CVE-2025-4649

  • EPSS 0.05%
  • Veröffentlicht 13.05.2025 11:40:23
  • Zuletzt bearbeitet 22.10.2025 14:05:13

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all availab...