Centreon

Centreon Web

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-4648

  • EPSS 0.08%
  • Veröffentlicht 13.05.2025 09:45:41
  • Zuletzt bearbeitet 22.10.2025 14:12:11

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects...

4.8

CVE-2025-4647

  • EPSS 0.06%
  • Veröffentlicht 13.05.2025 09:31:17
  • Zuletzt bearbeitet 22.10.2025 14:13:18

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing ...

7.2

CVE-2025-4646

  • EPSS 0.07%
  • Veröffentlicht 13.05.2025 09:17:35
  • Zuletzt bearbeitet 22.10.2025 14:13:47

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

7.2

CVE-2025-3872

  • EPSS 0.18%
  • Veröffentlicht 24.04.2025 09:19:33
  • Zuletzt bearbeitet 22.10.2025 14:10:02

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by inter...

7.2

CVE-2024-55573

  • EPSS 0.26%
  • Veröffentlicht 23.01.2025 23:15:08
  • Zuletzt bearbeitet 06.06.2025 15:32:04

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.

7.2

CVE-2024-53923

  • EPSS 0.2%
  • Veröffentlicht 23.01.2025 22:15:14
  • Zuletzt bearbeitet 06.06.2025 15:32:07

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.

6.2

CVE-2024-47863

  • EPSS 0.47%
  • Veröffentlicht 22.11.2024 20:15:09
  • Zuletzt bearbeitet 25.11.2024 18:15:13

An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is o...

9.1

CVE-2024-33854

  • EPSS 0.12%
  • Veröffentlicht 23.08.2024 17:15:06
  • Zuletzt bearbeitet 09.05.2025 14:11:23

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

8.8

CVE-2024-39841

  • EPSS 0.18%
  • Veröffentlicht 23.08.2024 17:15:06
  • Zuletzt bearbeitet 09.05.2025 14:12:09

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

9.1

CVE-2024-33853

  • EPSS 0.12%
  • Veröffentlicht 23.08.2024 17:15:06
  • Zuletzt bearbeitet 09.05.2025 14:11:14

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.