Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-47372

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.

Published

2023-02-15T04:15:10.987

Last Modified

2024-11-21T07:31:50.883

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-352
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pandorafms	pandora_fms	≤ 766	Yes

References

https://gist.github.com/damodarnaik/576c39162fce7da458d2f41f1cbe99e8 ([email protected])
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory ([email protected])
https://gist.github.com/damodarnaik/576c39162fce7da458d2f41f1cbe99e8 (af854a3a-2127-422b-91ae-364da2661108)
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)