XSS in File manager
CVE-2023-41815

7.5HIGH

Key Information:

Vendor: Pandora FMS
Status: Pandora FMS
Vendor: CVE Published:; 29 December 2023

🔔 Create Pandora FMS Vulnerability Alert

What is CVE-2023-41815?

An improper neutralization of input during web page generation leads to a Cross-Site Scripting (XSS) vulnerability in Pandora FMS. This flaw allows an attacker to inject malicious scripts into the File Manager section of the application, which can be executed in the context of an unsuspecting user. All versions from 700 to 774 are susceptible, making it crucial for users to implement immediate security measures to mitigate risks associated with potential exploits.

Affected Version(s)

Pandora FMS all 700 <= 774

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Osama Yousef <[email protected]>