
6 vulnerabilities found for open_tickets by centreon

CVE-2026-2749 (GCVE-0-2026-2749)

Vulnerability from nvd – Published: 2026-02-27 15:05 – Updated: 2026-03-06 15:31
Title
Path traversal in Centreon Open Tickets
Summary
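Path traversal vulnerability (per the record title) in Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: all versions before 25.10.3, 24.10.8, 24.04.7. The record stores these three fixed versions as one comma-separated `lessThan` value with `version` set to "all", so automated version matching may not evaluate the range; check the installed version by hand against the fixed release that presumably corresponds to its branch. The CNA assigned no CWE (the CISA ADP container lists CWE-noinfo), and the CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (9.9, Critical), meaning a low-privileged account reachable over the network is sufficient.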
Assigner
Impacted products
Vendor Product Version
Centreon Affected: all , < 25.10.3, 24.10.8, 24.04.7 (custom)
Credits
Texugo from Hakaï Security

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T17:27:52.270795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T15:31:59.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://download.centreon.com",
          "defaultStatus": "unaffected",
          "modules": [
            "Centroen Open Ticket"
          ],
          "packageName": "Centreon Open Tickets on Central Server",
          "platforms": [
            "Linux"
          ],
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "25.10.3, 24.10.8, 24.04.7",
              "status": "affected",
              "version": "all",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Texugo from Haka\u00ef Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).\u003cp\u003eThis issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T15:05:17.203Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal in Centreon Open Tickets",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2026-2749",
    "datePublished": "2026-02-27T15:05:17.203Z",
    "dateReserved": "2026-02-19T14:25:05.119Z",
    "dateUpdated": "2026-03-06T15:31:59.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8460 (GCVE-0-2025-8460)

Vulnerability from nvd – Published: 2025-12-22 10:55 – Updated: 2026-01-05 09:51
Title
A user with elevated privileges can inject XSS in the Notification rules configuration page
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Centreon Infra Monitoring Affected: 24.10.0 , < 24.10.5 (custom)
Affected: 24.04.0 , < 24.04.5 (custom)
Affected: 23.10.0 , < 23.10.4 (custom)
Credits
Marcelo Queiroz

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8460",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T13:06:38.809854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T13:07:32.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Notification rules",
            "Open tickets"
          ],
          "product": "Infra Monitoring",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.10.5",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.04.5",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.10.4",
              "status": "affected",
              "version": "23.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcelo Queiroz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) \n\nallows Stored \n\nXSS by users with elevated privileges.\u003cp\u003eThis issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) \n\nallows Stored \n\nXSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T09:51:56.936Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8460-centreon-open-tickets-medium-severity-5344"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A user with elevated privileges can inject XSS in the Notification rules configuration page",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-8460",
    "datePublished": "2025-12-22T10:55:58.934Z",
    "dateReserved": "2025-08-01T13:57:56.199Z",
    "dateUpdated": "2026-01-05T09:51:56.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12514 (GCVE-0-2025-12514)

Vulnerability from nvd – Published: 2025-12-22 10:59 – Updated: 2026-01-05 09:52
Title
A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection by a user with elevated privileges. This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Centreon Infra Monitoring - Open-tickets Affected: 24.10.0 , < 24.10.5 (custom)
Affected: 24.04.0 , < 24.04.5 (custom)
Affected: 23.10.0 , < 23.10.4 (custom)
Credits
Marcelo Queiroz

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T13:00:53.955586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T13:03:40.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Notification rules configuration parameters",
            "Open tickets"
          ],
          "product": "Infra Monitoring - Open-tickets",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.10.5",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.04.5",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.10.4",
              "status": "affected",
              "version": "23.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcelo Queiroz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.\u003cp\u003eThis issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T09:52:48.786Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12514-centreon-open-tickets-high-severity-5343"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-12514",
    "datePublished": "2025-12-22T10:59:18.155Z",
    "dateReserved": "2025-10-30T15:26:40.360Z",
    "dateUpdated": "2026-01-05T09:52:48.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2749 (GCVE-0-2026-2749)

Vulnerability from cvelistv5 – Published: 2026-02-27 15:05 – Updated: 2026-03-06 15:31
Title
Path traversal in Centreon Open Tickets
Summary
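Path traversal vulnerability (per the record title) in Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: all versions before 25.10.3, 24.10.8, 24.04.7. The record stores these three fixed versions as one comma-separated `lessThan` value with `version` set to "all", so automated version matching may not evaluate the range; check the installed version by hand against the fixed release that presumably corresponds to its branch.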
Assigner
Impacted products
Vendor Product Version
Centreon Affected: all , < 25.10.3, 24.10.8, 24.04.7 (custom)
Credits
Texugo from Hakaï Security

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T17:27:52.270795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T15:31:59.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://download.centreon.com",
          "defaultStatus": "unaffected",
          "modules": [
            "Centroen Open Ticket"
          ],
          "packageName": "Centreon Open Tickets on Central Server",
          "platforms": [
            "Linux"
          ],
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "25.10.3, 24.10.8, 24.04.7",
              "status": "affected",
              "version": "all",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Texugo from Haka\u00ef Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).\u003cp\u003eThis issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T15:05:17.203Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2749-centreon-open-tickets-critical-severity-5493"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal in Centreon Open Tickets",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2026-2749",
    "datePublished": "2026-02-27T15:05:17.203Z",
    "dateReserved": "2026-02-19T14:25:05.119Z",
    "dateUpdated": "2026-03-06T15:31:59.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12514 (GCVE-0-2025-12514)

Vulnerability from cvelistv5 – Published: 2025-12-22 10:59 – Updated: 2026-01-05 09:52
Title
A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection by a user with elevated privileges. This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor Product Version
Centreon Infra Monitoring - Open-tickets Affected: 24.10.0 , < 24.10.5 (custom)
Affected: 24.04.0 , < 24.04.5 (custom)
Affected: 23.10.0 , < 23.10.4 (custom)
Credits
Marcelo Queiroz

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T13:00:53.955586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T13:03:40.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Notification rules configuration parameters",
            "Open tickets"
          ],
          "product": "Infra Monitoring - Open-tickets",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.10.5",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.04.5",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.10.4",
              "status": "affected",
              "version": "23.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcelo Queiroz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.\u003cp\u003eThis issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows \n\nSQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T09:52:48.786Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12514-centreon-open-tickets-high-severity-5343"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-12514",
    "datePublished": "2025-12-22T10:59:18.155Z",
    "dateReserved": "2025-10-30T15:26:40.360Z",
    "dateUpdated": "2026-01-05T09:52:48.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8460 (GCVE-0-2025-8460)

Vulnerability from cvelistv5 – Published: 2025-12-22 10:55 – Updated: 2026-01-05 09:51
Title
A user with elevated privileges can inject XSS in the Notification rules configuration page
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Centreon Infra Monitoring Affected: 24.10.0 , < 24.10.5 (custom)
Affected: 24.04.0 , < 24.04.5 (custom)
Affected: 23.10.0 , < 23.10.4 (custom)
Credits
Marcelo Queiroz

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8460",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T13:06:38.809854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T13:07:32.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Notification rules",
            "Open tickets"
          ],
          "product": "Infra Monitoring",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.10.5",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "24.04.5",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.10.4",
              "status": "affected",
              "version": "23.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marcelo Queiroz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) \n\nallows Stored \n\nXSS by users with elevated privileges.\u003cp\u003eThis issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) \n\nallows Stored \n\nXSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T09:51:56.936Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8460-centreon-open-tickets-medium-severity-5344"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A user with elevated privileges can inject XSS in the Notification rules configuration page",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-8460",
    "datePublished": "2025-12-22T10:55:58.934Z",
    "dateReserved": "2025-08-01T13:57:56.199Z",
    "dateUpdated": "2026-01-05T09:51:56.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}