Skip to main content

Centreon Web CVE-2025-12513

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-01-05 bd4443e6-1eef-43f3-9886-25fc9ceeaae7
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Jan 26, 2026 - 15:09 nvd
Patch available
CVE Published
Jan 05, 2026 - 14:15 nvd
MEDIUM 6.8

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges.

This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

AnalysisAI

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. [CVSS 6.8 MEDIUM]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Centreon Web. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges.

This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

RemediationAI

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2019-17107 HIGH POC
8.8 Oct 08

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the comman

CVE-2019-16406 HIGH POC
7.8 Nov 21

Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual ma

CVE-2019-16405 HIGH POC
7.2 Nov 21

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code

CVE-2019-17108 MEDIUM POC
6.1 Oct 08

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or

CVE-2024-32501 CRITICAL
9.8 Aug 23

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.1

CVE-2018-11589 CRITICAL
9.8 Jun 25

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU par

CVE-2018-11587 CRITICAL
9.8 Jun 25

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric f

CVE-2024-33854 CRITICAL
9.1 Aug 23

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x bef

CVE-2024-33853 CRITICAL
9.1 Aug 23

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before

CVE-2024-33852 CRITICAL
9.1 Aug 23

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23

CVE-2024-39841 HIGH
8.8 Aug 23

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3,

CVE-2024-5725 HIGH
8.8 Aug 21

Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi

Share

CVE-2025-12513 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy