Featured image of post CVE-2025-54891
XSS Moderate Centreon Security WebApp

CVE-2025-54891

Cross-Site Scripting (XSS) Stored

CVE-2025-54891: Cross-Site Scripting (XSS) Stored in Centreon Infra Monitoring

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-54891

Summary

A user with elevated privileges can inject XSS in the ACL Resource Access configuration page.

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

Impact

  • Stealing session cookies: Attackers can use stolen session cookies to hijack a user's session and perform actions on their behalf.
  • Downloading malware: Attackers can trick users into downloading and installing malware on their computers.
  • Hijacking browsers: Attackers can hijack a user's browser or deliver browser-based exploits.
  • Stealing credentials: Attackers can steal a user's credentials.
  • Obtaining sensitive information: Attackers can obtain sensitive information stored in a user's account or in their browser.
  • Defacing websites: Attackers can deface a website by altering its content.
  • Misdirecting users: Attackers can change the instructions given to users who visit the target website, misdirecting their behavior.
  • Damaging a business's reputation: Attackers can damage a business's image or spread misinformation by defacing a corporate website.

Reference

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122

Finder

Marcelo Queiroz

By: CVE-Hunters

© 2020 - 2025 CVE-Hunters
Built with Hugo
Theme Stack designed by Jimmy