CVE-2019-19968

Name of the Vulnerable Software and Affected Versions PandoraFMS version 742

Description The issue affects the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content, leading to multiple XSS vulnerabilities.

Recommendations For PandoraFMS version 742, consider restricting access to the Agent Management, Report Builder, and Graph Builder components until a fix is available. As a temporary workaround, limit the ability of authenticated users to inject content into data stores to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.