Lucene search

PandoraFMSCVELIST:CVE-2023-41792

HistoryNov 23, 2023 - 2:45 p.m.

CVE-2023-41792 Lack of Authorization and Stored XSS Via SNMP Trap Editor Page

2023-11-2314:45:33

CWE-352

PandoraFMS

www.cve.org

cve-2023-41792

lack of authorization

stored xss

snmp trap editor

cross-site scripting

pandora fms

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "773",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/