{"id":"CVE-2024-47863","details":"An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-privilege access.","modified":"2026-04-09T10:24:03.658007Z","published":"2024-11-22T20:15:09.060Z","references":[{"type":"WEB","url":"https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-47863-centreon-web-medium-severity-4059"},{"type":"PACKAGE","url":"https://github.com/centreon/centreon/releases"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/centreon/centreon","events":[{"introduced":"9943050496f33d58bf79604fe0e1a25e245c696a"},{"fixed":"38e3f869ec4005acb857c92e3e2671bfa60879b4"},{"introduced":"842f0fc960ba52485b1be6104ca263287d6af526"},{"fixed":"190a7b7b7601f74d6d86b74d91c3b5e13663bde1"},{"introduced":"6af71198938611074c5754b3d4772b60cc627d0e"},{"fixed":"ae82317e7917fccbff93ecb7b8a129614a2150c5"},{"introduced":"78bb6bc7a94c393a26e016b00b8648558350df07"},{"fixed":"705010203d3f33db57b46b3077899ad7947a7a7d"},{"introduced":"424c7902ba197d695862042500e5ee98e241baa6"},{"fixed":"33311d87d4a1ccad5670f94f7aa7bcf551a11a36"}],"database_specific":{"versions":[{"introduced":"24.10.x"},{"fixed":"24.10.0"},{"introduced":"24.04.x"},{"fixed":"24.04.8"},{"introduced":"23.10.x"},{"fixed":"23.10.18"},{"introduced":"23.04.x"},{"fixed":"23.04.23"},{"introduced":"22.10.x"},{"fixed":"22.10.26"}]}}],"versions":["centreon-awie-22.10.0","centreon-dsm-22.10.0","centreon-dsm-22.10.1","centreon-gorgone-22.10.0","centreon-gorgone-22.10.1","centreon-gorgone-22.10.2","centreon-gorgone-22.10.3","centreon-gorgone-22.10.4","centreon-gorgone-22.10.5","centreon-gorgone-22.10.6","centreon-gorgone-22.10.7","centreon-gorgone-22.10.8","centreon-ha-22.10.0","centreon-ha-22.10.1","centreon-open-tickets-22.10.0","centreon-open-tickets-22.10.1","centreon-open-tickets-22.10.2","centreon-open-tickets-22.10.3","centreon-web-22.10.10","centreon-web-22.10.11","centreon-web-22.10.12","centreon-web-22.10.13","centreon-web-22.10.14","centreon-web-22.10.15","centreon-web-22.10.16","centreon-web-22.10.17","centreon-web-22.10.18","centreon-web-22.10.19","centreon-web-22.10.2","centreon-web-22.10.20","centreon-web-22.10.21","centreon-web-22.10.22","centreon-web-22.10.23","centreon-web-22.10.24","centreon-web-22.10.25","centreon-web-22.10.3","centreon-web-22.10.4","centreon-web-22.10.5","centreon-web-22.10.6","centreon-web-22.10.7","centreon-web-22.10.8","centreon-web-22.10.9","centreon-widget-engine-status-22.10.0","centreon-widget-engine-status-22.10.1","centreon-widget-global-health-22.10.0","centreon-widget-global-health-22.10.1","centreon-widget-graph-monitoring-22.10.0","centreon-widget-graph-monitoring-22.10.1","centreon-widget-grid-map-22.10.0","centreon-widget-host-monitoring-22.10.0","centreon-widget-host-monitoring-22.10.1","centreon-widget-host-monitoring-22.10.2","centreon-widget-hostgroup-monitoring-22.10.0","centreon-widget-hostgroup-monitoring-22.10.1","centreon-widget-httploader-22.10.0","centreon-widget-live-top10-cpu-usage-22.10.0","centreon-widget-live-top10-cpu-usage-22.10.1","centreon-widget-live-top10-memory-usage-22.10.0","centreon-widget-live-top10-memory-usage-22.10.1","centreon-widget-ntopng-listing-22.10.0","centreon-widget-service-monitoring-22.10.0","centreon-widget-service-monitoring-22.10.2","centreon-widget-service-monitoring-22.10.3","centreon-widget-servicegroup-monitoring-22.10.0","centreon-widget-servicegroup-monitoring-22.10.1","centreon-widget-single-metric-22.10.0","centreon-widget-single-metric-22.10.1","centreon-widget-tactical-overview-22.10.0","centreon-widget-tactical-overview-22.10.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47863.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"}]}