PT-2023-14665 · Artica · Artica Pandora Fms
Damodar Naik · Published 2023-02-15 · Updated 2023-10-18 · CVE-2022-45436
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Artica PFMS Pandora FMS version v765
Description: The issue allows Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. A user with manager privileges can create a network map whose name contains an XSS payload. Once the map is created, the payload executes when an admin user opens the edit network maps page. This could potentially be used to steal admin users' cookie values.
Recommendations: For Artica PFMS Pandora FMS version v765, as a temporary workaround, consider restricting access to the network map creation feature for manager-privilege users until a patch is available. Additionally, restrict the ability to edit network maps for admin users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
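The defect class above (CWE-79, a stored name spliced into the edit page without encoding) and its two standard mitigations, shown as an added Python example that is not Pandora FMS code (the product is PHP; the row layout, the `map_name` field, the allowlist pattern and the sample names are assumptions constructed for illustration):

```python
import html
import re

# Constructed sample network map names (not taken from the advisory).
SAMPLE_NAMES = [
    "Core switches - DC1",
    "Branch offices <script>alert(1)</script>",
]

# Allowlist applied at creation time (assumed policy, not Pandora FMS's own rule).
NAME_PATTERN = re.compile(r"^[A-Za-z0-9 ._-]{1,100}$")


def validate_map_name(name: str) -> bool:
    """Server-side check when a manager creates a map: reject names outside the allowlist."""
    return bool(NAME_PATTERN.fullmatch(name))


def render_edit_row_unsafe(name: str) -> str:
    """Flawed pattern: the stored name is written into the page verbatim (CWE-79)."""
    return f'<tr><td>{name}</td><td><input name="map_name" value="{name}"></td></tr>'


def render_edit_row(name: str) -> str:
    """Hardened: encode for both the text and the quoted-attribute context it lands in."""
    safe = html.escape(name, quote=True)
    return f'<tr><td>{safe}</td><td><input name="map_name" value="{safe}"></td></tr>'


def find_suspicious_names(names):
    """Audit already-stored names: any whose encoded form differs would parse as markup."""
    return [n for n in names if html.escape(n, quote=True) != n]


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(validate_map_name(n), render_edit_row(n))
    print(find_suspicious_names(SAMPLE_NAMES))
```

Output encoding in the edit page is the fix that closes the bug; the creation-time allowlist and the audit of stored names are defence in depth for the window before a patched version exists.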

XSS
Weakness Enumeration
Related Identifiers: CVE-2022-45436
Affected Products: Artica Pandora Fms