CVE-2025-10023

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.

PUBLISHED Reserved 2025-09-05 | Published 2025-10-27 | Updated 2025-10-30 | Assigner Centreon

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Credits

SpawnZii finder

References

github.com/centreon/centreon/releases release-notes

thewatch.centreon.com/...b-all-versions-medium-severity-5179 vendor-advisory

cve.org (CVE-2025-10023)

nvd.nist.gov (CVE-2025-10023)

Download JSON