{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "25.10.0"
              },
              {
                "fixed": "25.10.2"
              }
            ]
          },
          "events": [
            {
              "introduced": "2490802617f615c4e1b9f70fb92a2a3499c50261"
            },
            {
              "fixed": "4c5f5245e426cfa2d67d690edeee7820dbd3b05b"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.10.0"
              },
              {
                "fixed": "24.10.15"
              }
            ]
          },
          "events": [
            {
              "introduced": "38e3f869ec4005acb857c92e3e2671bfa60879b4"
            },
            {
              "fixed": "0c3804caa4f916d36e44d7b8dba143f9faf85baf"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.04.0"
              },
              {
                "fixed": "24.04.19"
              }
            ]
          },
          "events": [
            {
              "introduced": "7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"
            },
            {
              "fixed": "0f1557e8c84badd306755c4a543a0c0078260411"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Centreon",
    "cwe_ids": [
      "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13056.json"
  },
  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) \n\nallows Stored XSS to users with high privileges.\n\nThis issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.",
  "id": "CVE-2025-13056",
  "modified": "2026-03-01T02:35:44.450135118Z",
  "published": "2026-01-05T10:10:35.646Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13056.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13056"
    },
    {
      "type": "ADVISORY",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page"
}