Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-45437

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

Published

2023-02-15T04:15:10.893

Last Modified

2024-11-21T07:29:15.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pandorafms	pandora_fms	765	Yes

References

https://gist.github.com/damodarnaik/06180e8a5aa237b38740486b3e398011 ([email protected])
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory ([email protected])
https://gist.github.com/damodarnaik/06180e8a5aa237b38740486b3e398011 (af854a3a-2127-422b-91ae-364da2661108)
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)