PT-2023-28112 · Unknown · Pandora Fms
Published
2023-12-29
·
Updated
2024-01-05
·
CVE-2023-41815
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Pandora FMS versions 700 through 774
Description
The issue affects Pandora FMS, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Malicious code could be executed in the File Manager section.
Recommendations
For versions 700 through 774, consider disabling access to the File Manager section until a patch is available to prevent malicious code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pandora Fms