PT-2017-14295 · Artica · Artica Pandora Fms

Published

2017-10-27

Updated

2017-11-14

CVE-2017-15936

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Artica Pandora FMS version 7.0

Description The issue allows an attacker with write permission to create an agent containing an XSS payload. When a user accesses the agent definitions page, the malicious script is executed.

Recommendations For Artica Pandora FMS version 7.0, consider restricting write permissions to prevent unauthorized users from creating agents with malicious payloads. As a temporary workaround, avoid accessing the agent definitions page until a fix is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-15936

Affected Products

Artica Pandora Fms

PT-2017-14295 · Artica · Artica Pandora Fms

CVE-2017-15936

Weakness Enumeration

Related Identifiers

Affected Products

References · 3