CVE-2025-13056

CVE-2025-13056https://www.cvehunters.com/p/cve-2025-13056/Cross-Site Scripting (XSS) StoredCVE-2025-13056https://www.cvehunters.com/p/cve-2025-13056/https://www.cvehunters.com/p/cve-2025-13056/<h2 id="cve-2025-13056-cross-site-scripting-xss-stored">CVE-2025-13056: Cross-Site Scripting (XSS) Stored </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2025-13056" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2025-13056</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page.</p> <h2 id="impact">Impact </h2><p style="text-align: justify;"> <ul> <li>Session hijacking: Stealing cookies or authentication tokens to impersonate users.</li> <li>Credential theft: Harvesting usernames and passwords using malicious scripts.</li> <li>Malware delivery: Distributing unwanted or harmful code to victims.</li> <li>Privilege escalation: Compromising administrative users through persistent scripts.</li> <li>Data manipulation or defacement: Changing or disrupting site content.</li> <li>Reputation damage: Eroding trust among site users and administrators.</li> </ul> </p><h2 id="cve-2025-13056-cross-site-scripting-xss-stored">CVE-2025-13056: Cross-Site Scripting (XSS) Stored </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2025-13056" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2025-13056</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page.</p> <h2 id="impact">Impact </h2><p style="text-align: justify;"> <ul> <li>Session hijacking: Stealing cookies or authentication tokens to impersonate users.</li> <li>Credential theft: Harvesting usernames and passwords using malicious scripts.</li> <li>Malware delivery: Distributing unwanted or harmful code to victims.</li> <li>Privilege escalation: Compromising administrative users through persistent scripts.</li> <li>Data manipulation or defacement: Changing or disrupting site content.</li> <li>Reputation damage: Eroding trust among site users and administrators.</li> </ul> </p> <h2 id="reference">Reference </h2><p><em><strong><a class="link" href="https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358" target="_blank" rel="noopener" >https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358</a></strong></em></p> <h2 id="finder">Finder </h2><p><a class="link" href="http://www.linkedin.com/in/marceloqueirozjr" target="_blank" rel="noopener" ><img src="/assets/contributors/50x50/marcelo50x50.png" loading="lazy" /></a> <a class="link" href="http://www.linkedin.com/in/marceloqueirozjr" target="_blank" rel="noopener" >Marcelo Queiroz</a></p> <blockquote> <p><em><strong>By: <a class="link" href="https://github.com/CVE-Hunters/cve-hunters" target="_blank" rel="noopener" >CVE-Hunters</a></strong></em></p> </blockquote>Mon, 05 Jan 2026 00:00:00 +0000