There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie.
References
Configurations
History
21 Nov 2024, 07:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.2 |
References | () https://github.com/Argonx21/CVE-2022-43980 - | |
References | () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory |
22 Feb 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:* | |
References |
|
|
References | (CONFIRM) https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
30 Jan 2023, 14:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-27 22:15
Updated : 2024-11-21 07:27
NVD link : CVE-2022-43980
Mitre link : CVE-2022-43980
CVE.ORG link : CVE-2022-43980
JSON object : View
Products Affected
pandorafms
- pandora_fms