
CVE-2025-4649 – ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
https://notcve.org/view.php?id=CVE-2025-4649
13 May 2025 — Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. • https://github.com/centreon/centreon/releases • CWE-269: Improper Privilege Management

CVE-2025-4648 – A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request.
https://notcve.org/view.php?id=CVE-2025-4648
13 May 2025 — Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. • https://github.com/centreon/centreon/releases • CWE-494: Download of Code Without Integrity Check

CVE-2025-4647 – A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
https://notcve.org/view.php?id=CVE-2025-4647
13 May 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. • https://github.com/centreon/centreon/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')