CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
[
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"vendor": "pandorafms",
"product": "pandora_fms",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "767"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
total