CVELIST:CVE-2023-0828 (cvelist, INCIBE)
Oct 03, 2023 - 10:44 a.m.

CVE-2023-0828 Stored Cross Site Scripting in syslog section

2023-10-03 10:44:18
CWE-79
INCIBE
www.cve.org
Keywords: cross-site scripting, syslog section, pandora fms, cve-2023-0828, vulnerability, security

CVSS3: 6.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS: 0.001
Percentile: 20.2%

A Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "All"
    ],
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThanOrEqual": "v767",
        "status": "affected",
        "version": "v0",
        "versionType": "custom"
      }
    ]
  }
]
