CVE-2022-45437

Name of the Vulnerable Software and Affected Versions Artica PFMS Pandora FMS version v765

Description The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). A user with edition privileges can create a payload in the reporting dashboard module. An admin user can observe the payload without interaction, and the attacker can obtain information.

Recommendations For version v765, consider disabling the reporting dashboard module until a patch is available to prevent the creation of malicious payloads. Restrict access to the reporting dashboard module to minimize the risk of exploitation. Avoid allowing users with edition privileges to create content in the reporting dashboard module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.