Pandora Fms@700 Security Vulnerabilities and Issues — Pandora Fms@700 CVE List

Lucene search

PandorafmsPandora Fms700

8 matches found

CVE•added 2024/11/21 11:15 a.m.•760 views

CVE-2024-11320

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through

9.8CVSS10AI score0.92171EPSS

Web

CVE•added 2024/10/22 9:15 a.m.•37 views

CVE-2024-35308

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through

8.8CVSS8.7AI score0.00405EPSS

CVE•added 2024/10/22 9:15 a.m.•37 views

CVE-2024-9987

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through

8.8CVSS9.2AI score0.00293EPSS

Web

CVE•added 2023/12/29 12:15 p.m.•28 views

CVE-2023-44088

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.

8.8CVSS7.5AI score0.00195EPSS

CVE•added 2023/12/29 12:15 p.m.•26 views

CVE-2023-41813

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.

6.1CVSS4.9AI score0.00513EPSS

CVE•added 2023/12/29 12:15 p.m.•26 views

CVE-2023-41814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. Th...

6.1CVSS4.9AI score0.00689EPSS

CVE•added 2023/12/29 12:15 p.m.•22 views

CVE-2023-41815

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.

7.5CVSS6.3AI score0.00135EPSS

CVE•added 2023/12/29 12:15 p.m.•20 views

CVE-2023-44089

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.

6.1CVSS6.2AI score0.0011EPSS