cvebase

Artica PFMS Pandora FMS vulnerabilities

27 known vulnerabilities affecting artica_pfms/pandora_fms.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 18, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2022-43980 | P4 | MEDIUM | CVSS 5.4 | v765 | 2023-01-27
CWE-352. There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulner
Source: nvd
CVE-2022-47372 | P4 | MEDIUM | CVSS 5.4 | ≤ v766 | 2023-02-15
CWE-352. Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.
Source: nvd
CVE-2022-2032 | P4 | MEDIUM | CVSS 4.8 | ≥ v761, ≤ v761 | 2022-07-25
CWE-79. In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
Source: nvd
CVE-2022-2059 | P4 | MEDIUM | CVSS 4.8 | ≥ v761, ≤ v761 | 2022-07-25
CWE-79. In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
Source: nvd
CVE-2022-45436 | P4 | MEDIUM | CVSS 4.8 | v765 | 2023-02-15
CWE-79. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be
Source: nvd
CVE-2022-45437 | P4 | MEDIUM | CVSS 4.8 | v765 | 2023-02-15
CWE-79. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.
Source: nvd
CVE-2022-43978 | P4 | LOW | CVSS 3.7 | ≥ v764, ≤ v764 | 2023-01-27
CWE-287. There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
Source: nvd