CVE-2025-8460

Published: Dec 22, 2025Modified: Jan 26, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

Affected (3)

Products: Centreon: Open Tickets

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Centreon Open Tickets	From 23.10.0 to 23.10.4
Centreon Open Tickets	From 24.04.0 to 24.04.5
Centreon Open Tickets	From 24.10.0 to 24.10.5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/centreon/centreon/releases

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

Release Notes

https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8460-centreon-open-tickets-medium-severity-5344

Source: bd4443e6-1eef-43f3-9886-25fc9ceeaae7

PatchVendor Advisory

Timeline

No history available yet.