CVE-2023-44089

MEDIUM

6.1

Descricao

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.

Detalhes CVE

Pontuacao CVSS v3.16.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioREQUIRED

Publicado12/29/2023

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

pandorafms:pandora_fms

Fraquezas (CWE)

CWE-79CWE-79

Referencias

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/(security@pandorafms.com)

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.