Infra Monitoring
cpe:2.3:a:centreon:infra_monitoring:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Centreon (e01a1192-018f-55df-98f2-b9707fac306d) |
|---|---|
| Product | Infra Monitoring (4d8bff4c-ec41-5088-aab9-bac3620df942) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-8460 | vulnerable | 2026-06-03 15:13:44.019643 | A user with elevated privileges can inject XSS in the Notification rules configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.<br>Published: 2025-12-22T10:55:58.934Z<br>Updated: 2026-01-05T09:51:56.936Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8459 | vulnerable | 2026-06-03 15:13:44.019218 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page<br>HIGH (7.7)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T17:11:30.565Z<br>Updated: 2025-10-15T13:13:21.944Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8432 | vulnerable | 2026-06-03 15:13:43.600398 | CentreonBI user account on the MBI server can execute commands as root by modifying script run by the CRON<br>HIGH (8.4)<br>Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server. This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.<br>Published: 2025-10-27T10:08:33.662Z<br>Updated: 2025-10-30T13:51:12.045Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8430 | vulnerable | 2026-06-03 15:13:43.596891 | A user with elevated privileges can inject XSS in the Commands Connectors configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T16:54:43.948Z<br>Updated: 2025-10-15T13:13:42.544Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8429 | vulnerable | 2026-06-03 15:13:43.596366 | A user with elevated privileges can inject XSS in the ACL Action access configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T15:29:56.095Z<br>Updated: 2025-10-15T13:14:03.171Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8428 | vulnerable | 2026-06-03 15:13:43.594916 | XSS found in the HTTP loader widget<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T14:22:03.098Z<br>Updated: 2025-10-14T16:01:54.470Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-5965 | vulnerable | 2026-06-03 15:07:55.138487 | RCE via the backup feature available only to user with high privilege<br>HIGH (7.2)<br>In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.<br>Published: 2026-01-05T10:06:05.494Z<br>Updated: 2026-01-08T15:43:03.373Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-5946 | vulnerable | 2026-06-03 15:07:55.099594 | RCE via the poller reload feature available only to user with high privilege<br>HIGH (7.2)<br>Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T14:29:00.514Z<br>Updated: 2025-10-14T16:03:12.207Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54893 | vulnerable | 2026-06-03 15:04:57.067552 | A user with elevated privileges can inject XSS in the Hosts templates configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T15:24:24.017Z<br>Updated: 2025-10-15T13:13:00.967Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54892 | vulnerable | 2026-06-03 15:04:57.067052 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T14:59:10.681Z<br>Updated: 2025-10-15T13:12:33.859Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54891 | vulnerable | 2026-06-03 15:04:57.066735 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T15:07:01.145Z<br>Updated: 2025-10-15T13:12:10.485Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54890 | vulnerable | 2026-06-03 15:04:57.066189 | A user with elevated privileges can inject XSS in the Hostgroups configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.<br>Published: 2025-12-22T11:07:28.095Z<br>Updated: 2026-01-05T09:51:16.625Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54889 | vulnerable | 2026-06-03 15:04:57.064915 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.<br>Published: 2025-10-14T14:54:31.311Z<br>Updated: 2025-10-15T13:11:44.087Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-15029 | vulnerable | 2026-06-03 14:58:56.383735 | An unauthenticated user is able to introduce SQL Injection using the Awie export module<br>CRITICAL (9.8)<br>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.<br>Published: 2026-01-05T14:34:02.986Z<br>Updated: 2026-01-08T15:42:26.198Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-15026 | vulnerable | 2026-06-03 14:58:56.380435 | Unauthenticated configuration import allows administrative account creation using AWIE component<br>CRITICAL (9.8)<br>Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.<br>Published: 2026-01-05T14:31:34.223Z<br>Updated: 2026-01-08T15:42:06.582Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-13056 | vulnerable | 2026-06-03 14:58:45.454227 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.<br>Published: 2026-01-05T10:10:35.646Z<br>Updated: 2026-01-08T15:41:37.647Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-12519 | vulnerable | 2026-06-03 14:58:44.483055 | Information disclosure on Administration parameters API endpoint<br>MEDIUM (5.3)<br>Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.<br>Published: 2026-01-05T10:15:08.921Z<br>Updated: 2026-01-08T15:41:12.866Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-12513 | vulnerable | 2026-06-03 14:58:44.472345 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.<br>Published: 2026-01-05T13:43:42.969Z<br>Updated: 2026-01-08T15:40:41.095Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-12511 | vulnerable | 2026-06-03 14:58:44.469303 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page<br>MEDIUM (6.8)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extension configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.<br>Published: 2026-01-05T14:05:52.794Z<br>Updated: 2026-01-08T15:40:12.515Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-10023 | vulnerable | 2026-06-03 14:58:33.423033 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page<br>MEDIUM (6.2)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.<br>Published: 2025-10-27T15:07:21.621Z<br>Updated: 2025-10-30T13:48:16.904Z | Imported from gcve-enriched-dumps CVE data |