exploitDog

CVE-2023-41792

Опубликовано: 23 нояб. 2023

Источник: nvd

CVSS3: 5.9

CVSS3: 6.1

EPSS Низкий

Описание

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.

Ссылки

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

Версия от 700 (включая) до 773 (включая)

EPSS

Процентиль: 12%

0.00041

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-8mgw-h8q3-3x6m

CVSS3: 5.9

github

около 2 лет назад

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.

EPSS

Процентиль: 12%

0.00041

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-352

CWE-352