CVE-2025-4647

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4647

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4647.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4647

Published

2025-05-13T10:15:29Z

Modified

2025-05-17T14:26:18.704595Z

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.

A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.

This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type: GIT
Repo: https://github.com/centreon/centreon
Events: Introduced

38e3f869ec4005acb857c92e3e2671bfa60879b4

Fixed

d16d4cf9526f77dc4b4b72814bc5695f5a0321e2

Affected versions

centreon-awie-24.*

centreon-awie-24.10.0

centreon-dsm-24.*

centreon-dsm-24.10.0

centreon-open-tickets-24.*

centreon-open-tickets-24.10.0

centreon-open-tickets-24.10.1

centreon-web-24.*

centreon-web-24.10.0

centreon-web-24.10.1

centreon-web-24.10.2

centreon-web-24.10.3

centreon-web-24.10.4