CVE-2025-12513
- Source
- https://cve.org/CVERecord?id=CVE-2025-12513
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12513.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-12513
- Published
- 2026-01-05T13:43:42.969Z
- Modified
- 2026-03-01T02:54:06.894420Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- A user with elevated privileges can inject XSS in the Hosts configuration parameters page
- Details
-
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges.
This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
- Database specific
{ "cna_assigner": "Centreon", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12513.json" }- References
Affected packages
Git / github.com/centreon/centreon
Affected ranges
Affected versions
centreon-awie-24.*
centreon-awie-24.04.0
centreon-awie-24.04.1
centreon-awie-24.10.0
centreon-awie-24.10.1
centreon-dsm-24.*
centreon-dsm-24.04.0
centreon-dsm-24.04.2
centreon-dsm-24.04.3
centreon-dsm-24.04.4
centreon-dsm-24.04.5
centreon-dsm-24.04.6
centreon-dsm-24.04.7
centreon-dsm-24.10.0
centreon-dsm-24.10.1
centreon-dsm-24.10.2
centreon-dsm-24.10.3
centreon-gorgone-24.*
centreon-gorgone-24.04.0
centreon-gorgone-24.04.1
centreon-gorgone-24.04.2
centreon-ha-24.*
centreon-ha-24.04.0
centreon-ha-24.04.1
centreon-ha-24.10.0
centreon-ha-24.10.1
centreon-open-tickets-24.*
centreon-open-tickets-24.04.0
centreon-open-tickets-24.04.1
centreon-open-tickets-24.04.2
centreon-open-tickets-24.04.3
centreon-open-tickets-24.04.4
centreon-open-tickets-24.10.0
centreon-open-tickets-24.10.1
centreon-open-tickets-24.10.2
centreon-open-tickets-24.10.3
centreon-open-tickets-24.10.4
centreon-web-24.*
centreon-web-24.04.0
centreon-web-24.04.10
centreon-web-24.04.11
centreon-web-24.04.12
centreon-web-24.04.13
centreon-web-24.04.14
centreon-web-24.04.15
centreon-web-24.04.16
centreon-web-24.04.17
centreon-web-24.04.18
centreon-web-24.04.2
centreon-web-24.04.3
centreon-web-24.04.4
centreon-web-24.04.5
centreon-web-24.04.6
centreon-web-24.04.7
centreon-web-24.04.8
centreon-web-24.04.9
centreon-web-24.10.0
centreon-web-24.10.1
centreon-web-24.10.10
centreon-web-24.10.11
centreon-web-24.10.12
centreon-web-24.10.13
centreon-web-24.10.14
centreon-web-24.10.2
centreon-web-24.10.3
centreon-web-24.10.4
centreon-web-24.10.5
centreon-web-24.10.6
centreon-web-24.10.7
centreon-web-24.10.8
centreon-web-24.10.9
centreon-widget-servicegroup-monitoring-23.*
centreon-widget-servicegroup-monitoring-23.10.2
release-onprem-20250900-24.*
release-onprem-20250900-24.04
release-onprem-20250901-24.*
release-onprem-20250901-24.10
release-onprem-20250902-24.*
release-onprem-20250902-24.10