CVE-2024-47863 is a stored Cross-Site Scripting (XSS) vulnerability identified in Centreon Web, an IT infrastructure monitoring platform widely used for network and system monitoring. The flaw exists in the user configuration contact name field, where malicious scripts can be injected and stored. This field is accessible only to authenticated users with high-privilege access, such as administrators or privileged operators. When a malicious script is stored in this field, it can execute in the context of other high-privilege users viewing the affected configuration, potentially leading to the theft of sensitive session tokens or other confidential information. The vulnerability affects multiple Centreon Web versions prior to 24.10.0, 24.04.8, 23.10.18, 23.04.23, and 22.10.26, indicating a broad impact across several release branches. The CVSS 3.1 base score of 6.2 reflects that the attack can be launched remotely over the network with low complexity but requires high privileges and user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component, and the impact on confidentiality is high, while integrity and availability are not impacted. No public exploits have been reported yet, but the presence of stored XSS in a high-privilege context makes this a significant concern for organizations relying on Centreon Web for critical monitoring functions. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation, a common vector for XSS attacks.

The primary impact of CVE-2024-47863 is the potential compromise of confidentiality within organizations using Centreon Web. Since the vulnerability allows stored malicious scripts to execute in the context of high-privilege users, attackers could steal session cookies, perform actions on behalf of administrators, or harvest sensitive configuration data. This could lead to unauthorized access to monitoring infrastructure, manipulation of monitoring data, or further lateral movement within the network. Although integrity and availability are not directly affected, the breach of confidentiality can undermine trust in monitoring data and system security. Organizations with large deployments of Centreon Web, especially those in critical infrastructure sectors such as energy, telecommunications, finance, and government, face increased risk. The requirement for high privileges and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate targeted attacks by insiders or advanced threat actors. Failure to address this vulnerability could result in data breaches, compliance violations, and operational disruptions due to compromised monitoring environments.

To mitigate CVE-2024-47863, organizations should prioritize upgrading Centreon Web to the fixed versions: 24.10.0, 24.04.8, 23.10.18, 23.04.23, or 22.10.26, depending on their current deployment branch. Until patches are applied, restrict access to the user configuration contact name field to only the most trusted administrators and monitor for suspicious activity. Implement strict input validation and output encoding on all user-supplied data fields, especially those accessible by high-privilege users, to prevent script injection. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the web application context. Conduct regular security audits and penetration testing focused on web interface vulnerabilities. Educate administrators about the risks of stored XSS and encourage cautious handling of user-generated content. Additionally, consider network segmentation to isolate monitoring systems from less trusted networks and enable logging and alerting for anomalous web interface behavior. These layered defenses reduce the risk of exploitation even if the vulnerability is present.