Cross site scripting

2014-11-1915:59:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

CPENameOperatorVersion
pandora_flexible_monitoring_systemle5.1

CPE	Name	Operator	Version
	pandora_flexible_monitoring_system	le	5.1

References

blog.pandorafms.org/?p=3271

packetstormsecurity.com/files/129112/Pandora-FMS-5.1SP1-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Nov/35

exchange.xforce.ibmcloud.com/vulnerabilities/98704