Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
References
Link | Resource |
---|---|
https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c | |
https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC | Exploit Third Party Advisory VDB Entry |
https://pandorafms.com/downloads/whats-new-747-EN.pdf | Release Notes Vendor Advisory |
https://www.exploit-db.com/exploits/48707 | Exploit Third Party Advisory VDB Entry |
https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c | |
https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC | Exploit Third Party Advisory VDB Entry |
https://pandorafms.com/downloads/whats-new-747-EN.pdf | Release Notes Vendor Advisory |
https://www.exploit-db.com/exploits/48707 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c - | |
References | () https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC - Exploit, Third Party Advisory, VDB Entry | |
References | () https://pandorafms.com/downloads/whats-new-747-EN.pdf - Release Notes, Vendor Advisory | |
References | () https://www.exploit-db.com/exploits/48707 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2020-07-13 15:15
Updated : 2024-11-21 04:58
NVD link : CVE-2020-11749
Mitre link : CVE-2020-11749
CVE.ORG link : CVE-2020-11749
JSON object : View
Products Affected
pandorafms
- pandora_fms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')