CVE-2019-19968
Published 2020-02-04
Priority P423 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.80% (52.1th percentile)
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pandorafms | pandora_fms | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5 | 4:4.6.6-5ubuntu0.5 |
CVSS provenance
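| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 6.5 | MEDIUM | |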
GHSA
GHSA-3g8h-j4x8-r88g: PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components
ghsa_unreviewed·2022-05-24
CVE-2019-19968 [LOW] GHSA-3g8h-j4x8-r88g: PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components
OSV
phpmyadmin vulnerabilities
osv·2020-11-19·CVSS 6.5
CVE-2018-19968 phpmyadmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. (CVE-2018-19968)

It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. (CVE-2018-19970)

It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. (CVE-2018-7260)

It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. (CVE-2019-11768)

It was discovere
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-02-04