Skip to main content

Pandora Fms CVE-2023-41813

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-12-29 security@pandorafms.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 29, 2023 - 12:15 nvd
MEDIUM 6.1

DescriptionNVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.

AnalysisAI

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. Affected products include: Pandorafms Pandora Fms. Version information: through 774..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-12971 HIGH POC
8.6 Mar 17

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS comm

CVE-2025-5306 CRITICAL POC
9.8 Jun 27

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue af

CVE-2025-34088 HIGH POC
8.6 Jul 03

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php

CVE-2020-13851 HIGH POC
8.8 Jun 11

Artica Pandora FMS 7.44 allows remote command execution via the events feature. Rated high severity (CVSS 8.8), this vul

CVE-2024-11320 MEDIUM POC
6.9 Nov 21

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication me

CVE-2021-34074 CRITICAL POC
9.8 Jun 25

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated criti

CVE-2021-32099 CRITICAL POC
9.8 May 07

A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attac

CVE-2021-32098 CRITICAL POC
9.8 May 07

Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Rated critical severity (CVSS 9

CVE-2020-26518 CRITICAL POC
9.8 Oct 02

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/

CVE-2020-13854 CRITICAL POC
9.8 Jun 11

Artica Pandora FMS 7.44 allows privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2020-11749 CRITICAL POC
9.0 Jul 13

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. Rated critical severity

CVE-2020-13850 HIGH POC
7.5 Jun 11

Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Rated high severity (CVSS 7.5), this vulnerabili

Share

CVE-2023-41813 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy