CVE-2022-43980

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 5.2
References () https://github.com/Argonx21/CVE-2022-43980 - () https://github.com/Argonx21/CVE-2022-43980 -
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory

22 Feb 2023, 00:15

Type Values Removed Values Added
CPE cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
References
  • (MISC) https://github.com/Argonx21/CVE-2022-43980 -
References (CONFIRM) https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - (CONFIRM) https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

30 Jan 2023, 14:18

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-27 22:15

Updated : 2024-11-21 07:27


NVD link : CVE-2022-43980

Mitre link : CVE-2022-43980

CVE.ORG link : CVE-2022-43980


JSON object : View

Products Affected

pandorafms

  • pandora_fms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')