vulnrichment / INCIBE / VULNRICHMENT:CVE-2023-0828
History: Oct 03, 2023 - 10:44 a.m.

CVE-2023-0828 Stored Cross Site Scripting in syslog section

2023-10-03 10:44:18
CWE-79
INCIBE
github.com
cve-2023-0828
cross-site scripting
syslog
pandora fms
vulnerability
cookie theft
platform security

CVSS3: 6.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

AI Score: 6
Confidence: High

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

A stored Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
    ],
    "vendor": "pandorafms",
    "product": "pandora_fms",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "767"
      }
    ],
    "defaultStatus": "unknown"
  }
]
