exploitDog

CVE-2022-2032

Опубликовано: 25 июл. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 4.8

EPSS Низкий

Описание

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

Ссылки

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Third Party Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Версия до 7.0_ng_761 (включая)

EPSS

Процентиль: 69%

0.00618

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-h3c2-xw7j-vr4f

CVSS3: 4.8

github

больше 3 лет назад

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

EPSS

Процентиль: 69%

0.00618

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

CWE-79