Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rxg9-g88m-hx4v

Опубликовано: 15 фев. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 4.8

Описание

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

Ссылки

EPSS

Процентиль: 62%
0.00424
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-45437

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2022-45437

CVSS3: 6.5
ubuntu
почти 3 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

nvd логотип

CVE-2022-45437

CVSS3: 6.5
nvd
почти 3 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

EPSS

Процентиль: 62%
0.00424
Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2022-45437

Дефекты

CWE-79