Lucene search

[email protected]NVD:CVE-2023-24514

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2023-24514

2023-08-2219:16:34

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

visual console module

admin user session

phishing attacks

pandora fms

vulnerability

cve-2023-24514

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Affected configurations

NVD

Node

pandorafmspandora_fmsRange≤767

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-24514

prion1 cvelist1 cve1