cbcvebase.

Artica Pandora Fms vulnerabilities

67 known vulnerabilities affecting artica/pandora_fms.

Total CVEs
67
CISA KEV
0
Public exploits
13
Exploited in wild
2
Severity breakdown
CRITICAL18HIGH29MEDIUM20

Vulnerabilities

Page 4 of 4
CVE-2023-41811P4MEDIUMCVSS 6.1≥ 700, ≤ 7732023-11-23
CVE-2023-41811 [MEDIUM] CWE-79 CVE-2023-41811: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.
nvd
CVE-2023-41810P4MEDIUMCVSS 6.1≥ 700, ≤ 7732023-11-23
CVE-2023-41810 [MEDIUM] CWE-79 CVE-2023-41810: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773.
nvd
CVE-2021-36698P4MEDIUMCVSS 5.4≤ 7552021-11-03
CVE-2021-36698 [MEDIUM] CWE-79 CVE-2021-36698: Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
nvd
CVE-2023-41791P4MEDIUMCVSS 5.4≥ 700, ≤ 7732023-11-23
CVE-2023-41791 [MEDIUM] CWE-79 CVE-2023-41791: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pa
nvd
CVE-2023-41792P4MEDIUMCVSS 6.1≥ 700, ≤ 7732023-11-23
CVE-2023-41792 [MEDIUM] CWE-352 CVE-2023-41792: Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (X Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.
nvd
CVE-2017-15936P4MEDIUMCVSS 5.4v7.02017-10-27
CVE-2017-15936 [MEDIUM] CWE-79 CVE-2017-15936: In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.
nvd
CVE-2017-15934P4MEDIUMCVSS 5.4v7.02017-10-27
CVE-2017-15934 [MEDIUM] CWE-79 CVE-2017-15934: Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name paramete Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
nvd
Artica Pandora Fms vulnerabilities | cvebase