Lucene search

INCIBECVELIST:CVE-2022-2032

HistoryJul 25, 2022 - 5:47 p.m.

CVE-2022-2032 Stored Cross Site-Scripting in File Manager

2022-07-2517:47:49

CWE-79

INCIBE

www.cve.org

cve-2022-2032

stored cross site-scripting

file manager

pandora fms

administrator privileges

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

CNA Affected

[
  {
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThanOrEqual": "v761",
        "status": "affected",
        "version": "v761",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

www.incibe.es/en/cve-assignment-publication/coordinated-cves