The provided vulnerability information identifies vulnerable parameters (dep_description and dep_name) and the affected page (Configuration > Notifications > Hosts), but does not include specific code snippets, commit diffs, or file paths. While the vulnerability type (stored XSS) suggests insufficient input sanitization or output escaping, the exact functions responsible cannot be determined with high confidence without examining the implementation details. The lack of access to the GitHub patch (#9587) or Centreon's source code structure prevents precise identification of vulnerable functions. The advisory confirms the parameters and attack vector but does not map them to specific code locations.