CVE-2018-11223

2018-06-1521:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted “refr” parameter in a “/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=” call.

References

blog.hackercat.ninja/post/pandoras_box/

pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf