CVE-2025-4647 – Centreon Web Cross-Site Scripting (XSS)

May 13, 2025

CVE ID : CVE-2025-4647

Published : May 13, 2025, 10:15 a.m. | 29 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon web allows Reflected XSS.

A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.

This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4646 – Centreon Web Privilege Escalation Vulnerability

Next Article CVE-2025-4648 – Centreon Web Reflected Cross-Site Scripting (XSS)

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-4647 – Centreon Web Cross-Site Scripting (XSS)

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-3744 – Nomad Sentinel Policy Bypass

Thanks to a misprice, my favorite controller is at its all-time lowest price right now â€” go quick before they change their mind!

AI Guide for new CFOs

AI Performance Metrics: Insights from Experts

KAIST Researchers Introduce CHOP: Enhancing EFL Studentsâ€™ Oral Presentation Skills with Real-Time, Personalized Feedback Using ChatGPT and Whisper Technologies

Task-Specific Data Selection: A Practical Approach to Enhance Fine-Tuning Efficiency and Performance

Neurodiverse-Friendly UX: A Design Guide

The Radio-Head

DeepSeek outperforms OpenAI’s reasoning model at just 3% of the cost after President Trump’s $500 billion Stargate AI initiative. “All I know is we keep pushing forward to make open-source AGI a reality for everyone🚀”

CVE-2025-4647 – Centreon Web Cross-Site Scripting (XSS)

Related Posts