PT-2020-12822 · Artica · Pandora Fms

Applebois · Published 2020-07-13 · Updated 2023-01-27 · CVE-2020-11749

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0 NG through 746
Description: Multiple XSS vulnerabilities in different browser views of Pandora FMS. They can be triggered when a network administrator scans an SNMP device, leading to cross-site scripting (XSS) that allows arbitrary code execution and potentially enables remote code execution as root or apache2.
Recommendations: For Pandora FMS versions 7.0 NG through 746, consider disabling the SNMP scanning feature until a patch is available, to prevent exploitation of the XSS vulnerability. Restrict access to the browser views where the XSS vulnerability is present to minimize the risk of exploitation.

Tags: XSS

Related Identifiers: CVE-2020-11749
Affected Products: Pandora Fms