Description
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.
Published: 2023-02-15
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

fixed in v767

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-50140 Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.
History

Fri, 04 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Pandorafms Pandora Fms
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2025-04-04T20:38:38.112Z

Reserved: 2022-12-13T00:00:00.000Z

Link: CVE-2022-47373

cve-icon Vulnrichment

Updated: 2024-08-03T14:55:07.896Z

cve-icon NVD

Status : Modified

Published: 2023-02-15T04:15:11.093

Modified: 2024-11-21T07:31:51.007

Link: CVE-2022-47373

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses