CVE-2025-8460

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-8460

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8460.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8460

Published

2025-12-22T10:55:58.934Z

Modified

2026-03-01T02:56:00.493227Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

A user with elevated privileges can inject XSS in the Notification rules configuration page

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module)

allows Stored

XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

Database specific

{
    "cna_assigner": "Centreon",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8460.json",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

38e3f869ec4005acb857c92e3e2671bfa60879b4

Fixed

d16d4cf9526f77dc4b4b72814bc5695f5a0321e2

Database specific

{
    "versions": [
        {
            "introduced": "24.10.0"
        },
        {
            "fixed": "24.10.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3

Fixed

369945d904ad861b8c10203b9bb4d5035c8575c5

Database specific

{
    "versions": [
        {
            "introduced": "24.04.0"
        },
        {
            "fixed": "24.04.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/centreon/centreon

Events

Introduced

755448bcd365969a97e902b856a1e5f56d80adaa

Fixed

fb4f4d3b5201af9f2c1cfc14108e0a74b651486e

Database specific

{
    "versions": [
        {
            "introduced": "23.10.0"
        },
        {
            "fixed": "23.10.4"
        }
    ]
}

Affected versions

centreon-awie-23.*

centreon-awie-23.10.0

centreon-awie-24.*

centreon-awie-24.04.0

centreon-awie-24.10.0

centreon-dsm-23.*

centreon-dsm-23.10.0

centreon-dsm-23.10.1

centreon-dsm-23.10.2

centreon-dsm-23.10.3

centreon-dsm-24.*

centreon-dsm-24.04.0

centreon-dsm-24.04.2

centreon-dsm-24.10.0

centreon-gorgone-23.*

centreon-gorgone-23.10.0

centreon-gorgone-23.10.1

centreon-gorgone-23.10.2

centreon-gorgone-23.10.3

centreon-gorgone-23.10.5

centreon-gorgone-23.10.6

centreon-gorgone-23.10.7

centreon-gorgone-23.10.8

centreon-gorgone-23.10.9

centreon-gorgone-24.*

centreon-gorgone-24.04.0

centreon-gorgone-24.04.1

centreon-ha-23.*

centreon-ha-23.10.0

centreon-ha-24.*

centreon-ha-24.04.0

centreon-open-tickets-23.*

centreon-open-tickets-23.10.0

centreon-open-tickets-23.10.1

centreon-open-tickets-23.10.2

centreon-open-tickets-23.10.3

centreon-open-tickets-24.*

centreon-open-tickets-24.04.0

centreon-open-tickets-24.10.0

centreon-open-tickets-24.10.1

centreon-web-23.*

centreon-web-23.10.0

centreon-web-23.10.1

centreon-web-23.10.11

centreon-web-23.10.12

centreon-web-23.10.13

centreon-web-23.10.14

centreon-web-23.10.15

centreon-web-23.10.16

centreon-web-23.10.17

centreon-web-23.10.18

centreon-web-23.10.19

centreon-web-23.10.2

centreon-web-23.10.20

centreon-web-23.10.21

centreon-web-23.10.22

centreon-web-23.10.3

centreon-web-23.10.4

centreon-web-23.10.5

centreon-web-23.10.6

centreon-web-23.10.7

centreon-web-23.10.8

centreon-web-23.10.9

centreon-web-24.*

centreon-web-24.04.0

centreon-web-24.04.2

centreon-web-24.04.3

centreon-web-24.04.4

centreon-web-24.10.0

centreon-web-24.10.1

centreon-web-24.10.2

centreon-web-24.10.3

centreon-web-24.10.4

centreon-widget-engine-status-23.*

centreon-widget-engine-status-23.10.0

centreon-widget-global-health-23.*

centreon-widget-global-health-23.10.0

centreon-widget-graph-monitoring-23.*

centreon-widget-graph-monitoring-23.10.0

centreon-widget-host-monitoring-23.*

centreon-widget-host-monitoring-23.10.0

centreon-widget-host-monitoring-23.10.1

centreon-widget-host-monitoring-23.10.2

centreon-widget-hostgroup-monitoring-23.*

centreon-widget-hostgroup-monitoring-23.10.0

centreon-widget-hostgroup-monitoring-23.10.1

centreon-widget-httploader-23.*

centreon-widget-httploader-23.10.0

centreon-widget-live-top10-cpu-usage-23.*

centreon-widget-live-top10-cpu-usage-23.10.0

centreon-widget-live-top10-cpu-usage-23.10.1

centreon-widget-live-top10-memory-usage-23.*

centreon-widget-live-top10-memory-usage-23.10.0

centreon-widget-live-top10-memory-usage-23.10.1

centreon-widget-ntopng-listing-23.*

centreon-widget-ntopng-listing-23.10.0

centreon-widget-service-monitoring-23.*

centreon-widget-service-monitoring-23.10.0

centreon-widget-service-monitoring-23.10.1

centreon-widget-servicegroup-monitoring-23.*

centreon-widget-servicegroup-monitoring-23.10.0

centreon-widget-servicegroup-monitoring-23.10.1

centreon-widget-single-metric-23.*

centreon-widget-single-metric-23.10.0

centreon-widget-tactical-overview-23.*

centreon-widget-tactical-overview-23.10.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8460.json"