{"id":"CVE-2025-13056","summary":"A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS by users with high privileges.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.","modified":"2026-04-10T05:21:07.938625Z","published":"2026-01-05T10:10:35.646Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"Centreon","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13056.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13056.json"},{"type":"ADVISORY","url":"https://github.com/centreon/centreon/releases"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13056"},{"type":"ADVISORY","url":"https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"2490802617f615c4e1b9f70fb92a2a3499c50261"},{"fixed":"4c5f5245e426cfa2d67d690edeee7820dbd3b05b"}],"database_specific":{"versions":[{"introduced":"25.10.0"},{"fixed":"25.10.2"}]}},{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"38e3f869ec4005acb857c92e3e2671bfa60879b4"},{"fixed":"0c3804caa4f916d36e44d7b8dba143f9faf85baf"}],"database_specific":{"versions":[{"introduced":"24.10.0"},{"fixed":"24.10.15"}]}},{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"},{"fixed":"0f1557e8c84badd306755c4a543a0c0078260411"}],"database_specific":{"versions":[{"introduced":"24.04.0"},{"fixed":"24.04.19"}]}}],"d
atabase_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13056.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}]}