CVE-2023-41814

Name of the Vulnerable Software and Affected Versions Pandora FMS versions 700 through 774

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to carry out XSS attacks when a user opens their notifications, using an HTML payload with an iframe tag.

Recommendations For versions 700 through 774, consider disabling the notification feature until a patch is available to prevent potential XSS attacks. As a temporary workaround, restrict access to the notification system to minimize the risk of exploitation. Avoid using the iframe tag in HTML payloads within the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.