CVE-2014-8629

2014-11-1915:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

References

blog.pandorafms.org/?p=3271

packetstormsecurity.com/files/129112/Pandora-FMS-5.1SP1-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Nov/35

exchange.xforce.ibmcloud.com/vulnerabilities/98704