cvebase

Pandorafms Pandora Fms vulnerabilities

46 known vulnerabilities affecting pandorafms/pandora_fms.

Total CVEs: 46
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 15, MEDIUM 24, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2020-13853 | P4 | MEDIUM | CVSS 5.4 | v7.44 | 2020-06-11
CVE-2020-13853 [MEDIUM] CWE-79: Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
nvd
CVE-2022-2032 | P4 | MEDIUM | CVSS 4.8 | ≤ 7.0_ng_761 | 2022-07-25
CVE-2022-2032 [MEDIUM] CWE-79: In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
nvd
CVE-2022-2059 | P4 | MEDIUM | CVSS 4.8 | ≤ 7.0_ng_761 | 2022-07-25
CVE-2022-2059 [MEDIUM] CWE-79: In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
nvd
CVE-2022-45436 | P4 | MEDIUM | CVSS 4.8 | v765 | 2023-02-15
CVE-2022-45436 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be
nvd
CVE-2022-45437 | P4 | MEDIUM | CVSS 4.8 | v765 | 2023-02-15
CVE-2022-45437 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.
nvd
CVE-2022-43978 | P4 | LOW | CVSS 3.7 | fixed in 766 | 2023-01-27
CVE-2022-43978 [LOW] CWE-287: There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
nvd