CVE-2021-35501

Опубликовано: 25 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

Ссылки

http://packetstormsecurity.com/files/163466/Pandora-FMS-7.54-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163466/Pandora-FMS-7.54-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Версия до 754 (включая)

EPSS

Процентиль: 58%

0.00363

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j5fq-j57r-mrmw

github

больше 3 лет назад