cpe:2.3:a:centreon:web:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Centreon (e01a1192-018f-55df-98f2-b9707fac306d) |
|---|---|
| Product | Web (a79ee7d1-f6b3-5656-bf00-0e02864ce0c5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |

PURL mappings

| PURL | Source | Last updated |
|---|---|---|
| pkg:composer/centreon/centreon | purl2cpe | 2026-06-01 10:10:56.300023 |
| pkg:github/centreon/centreon | purl2cpe | 2026-06-01 10:10:56.300025 |

Vulnerability references

| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-2750 | vulnerable | 2026-06-03 15:19:24.928720 | Command Injection via CLAPI generatetraps<br>CRITICAL (9.1)<br>Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10; 24.04.<br>Published: 2026-02-27T14:58:29.021Z<br>Updated: 2026-03-06T15:32:35.310Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6791 | vulnerable | 2026-06-03 15:12:29.127014 | Second order SQL injection available to user with low privilege<br>HIGH (8.8)<br>In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection. This issue affects web: 24.10.0, 24.04.0, 23.10.0.<br>Published: 2025-08-22T18:56:28.027Z<br>Updated: 2025-09-16T19:27:33.378Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-4650 | vulnerable | 2026-06-03 15:01:48.476010 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page<br>HIGH (7.2)<br>User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.<br>Published: 2025-08-22T18:50:42.034Z<br>Updated: 2025-08-22T19:01:11.903Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-4649 | vulnerable | 2026-06-03 15:01:48.472502 | ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.<br>MEDIUM (4.9)<br>Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.<br>ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.<br>This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.<br>Published: 2025-05-13T11:40:23.198Z<br>Updated: 2025-10-15T13:05:23.113Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-4648 | vulnerable | 2026-06-03 15:01:48.472038 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.<br>HIGH (8.4)<br>The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS.<br>A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.<br>This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.<br>Published: 2025-05-13T09:45:41.519Z<br>Updated: 2025-10-08T10:07:58.081Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-4647 | vulnerable | 2026-06-03 15:01:48.471649 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG<br>HIGH (8.4)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.<br>A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.<br>This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.<br>Published: 2025-05-13T09:31:17.529Z<br>Updated: 2025-05-13T13:08:24.128Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-4646 | vulnerable | 2026-06-03 15:01:48.470467 | A high privilege user is able to create and use a valid admin API token in centreon-web<br>HIGH (7.2)<br>Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.<br>Published: 2025-05-13T09:17:35.146Z<br>Updated: 2025-10-08T10:00:43.607Z | Imported from gcve-enriched-dumps CVE data |