exploitDog

CVE-2022-45436

Published: 15 Feb 2023
Source: nvd
CVSS3: 6.1
CVSS3: 4.8
EPSS Low

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). As a manager-privilege user, create a network map containing name as XSS payload. Once created, an admin user must click on the edit network maps and the XSS payload will be executed, which could be used for stealing the admin user's cookie value.

Vulnerable configurations

Configuration 1
cpe:2.3:a:pandorafms:pandora_fms:765:*:*:*:*:*:*:*

EPSS

Percentile: 76%
0.00958
Low

6.1 Medium

CVSS3

4.8 Medium

CVSS3

Weaknesses

CWE-79
CWE-79

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 3 years ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). As a manager-privilege user, create a network map containing name as XSS payload. Once created, an admin user must click on the edit network maps and the XSS payload will be executed, which could be used for stealing the admin user's cookie value.

CVSS3: 4.8
github
almost 3 years ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). As a manager-privilege user, create a network map containing name as XSS payload. Once created, an admin user must click on the edit network maps and the XSS payload will be executed, which could be used for stealing the admin user's cookie value.
