CVE-2025-54890

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.

PUBLISHED Reserved 2025-07-31 | Published 2025-12-22 | Updated 2025-12-22 | Assigner Centreon

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Credits

Marcelo Queiroz finder

References

github.com/centreon/centreon/releases

cve.org (CVE-2025-54890)

nvd.nist.gov (CVE-2025-54890)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.