12 matches found
EUVD-2022-50139
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-47372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability b...
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript...
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
UBUNTU-CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript...
CVE-2022-47372 Stored cross-site scripting vulnerability in create event section
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript...
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript...
CVE-2022-47373
CVE-2022-47373 affects Pandora FMS Console. The issue is a Reflected Cross-Site Scripting in the Module Library search functionality, triggered by the forget password flow where the username parameter lacks proper input validation/sanitization , enabling execution of malicious JavaScript payloads...
Pandora FMS Console 跨站脚本漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way.Pandora is an analytics framework used to find out if a file is suspicious or not and display the results easily. A securit...
CVE-2022-47372
Pandora FMS Console versions v766 and lower expose a stored cross‑site scripting (XSS) vulnerability in the Create event section. An attacker can inject XSS payloads on pages or supply a link that, when viewed by a user, executes script in the victim’s browser. The reports consistently identify P...