{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.10.0"
              },
              {
                "fixed": "24.10.13"
              }
            ]
          },
          "events": [
            {
              "introduced": "38e3f869ec4005acb857c92e3e2671bfa60879b4"
            },
            {
              "fixed": "177a3974fdcb27b3df760bac2ac3ee6edf33aa85"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "24.04.0"
              },
              {
                "fixed": "24.04.18"
              }
            ]
          },
          "events": [
            {
              "introduced": "7b39edd9d115eabe0fae2b4bd1aded1889dbb6c3"
            },
            {
              "fixed": "6390e0c7e585ee5aa4226122974a5d337c759f23"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "23.10.0"
              },
              {
                "fixed": "23.10.28"
              }
            ]
          },
          "events": [
            {
              "introduced": "755448bcd365969a97e902b856a1e5f56d80adaa"
            },
            {
              "fixed": "c5a9b088358a21efc8f8f7a199b89fd7ef2a3b9c"
            }
          ],
          "repo": "https://github.com/centreon/centreon",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Centreon",
    "cwe_ids": [
      "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54892.json"
  },
  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) \n\nallows Stored XSS by users with elevated privileges.\n\nThis issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.",
  "id": "CVE-2025-54892",
  "modified": "2026-03-04T02:34:11.350053500Z",
  "published": "2025-10-14T14:59:10.681Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54892.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/centreon/centreon/releases"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54892"
    },
    {
      "type": "ADVISORY",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54892-centreon-web-all-versions-medium-severity-5121"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "A user with elevated privileges can inject XSS in the SNMP traps group configuration page"
}