CVE-2020-11749

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:58

Type Values Removed Values Added
References () https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c - () https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c -
References () https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC - Exploit, Third Party Advisory, VDB Entry
References () https://pandorafms.com/downloads/whats-new-747-EN.pdf - Release Notes, Vendor Advisory () https://pandorafms.com/downloads/whats-new-747-EN.pdf - Release Notes, Vendor Advisory
References () https://www.exploit-db.com/exploits/48707 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/48707 - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2020-07-13 15:15

Updated : 2024-11-21 04:58


NVD link : CVE-2020-11749

Mitre link : CVE-2020-11749

CVE.ORG link : CVE-2020-11749


JSON object : View

Products Affected

pandorafms

  • pandora_fms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')