CVE-2023-41814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 3.7
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory

05 Jan 2024, 04:51

Type Values Removed Values Added
CPE cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

29 Dec 2023, 13:56

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-29 12:15

Updated : 2024-11-21 08:21


NVD link : CVE-2023-41814

Mitre link : CVE-2023-41814

CVE.ORG link : CVE-2023-41814


JSON object : View

Products Affected

pandorafms

  • pandora_fms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')