Pandorafms

Pandora Fms

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2022-45436

  • EPSS 0.83%
  • Veröffentlicht 15.02.2023 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:29:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name...

5.4

CVE-2022-43980

  • EPSS 0.2%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:27:28

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges...

9.8

CVE-2022-43979

  • EPSS 0.69%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:27:28

There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could ...

3.7

CVE-2022-43978

  • EPSS 0.12%
  • Veröffentlicht 27.01.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:27:28

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowled...

6.1

CVE-2021-46680

  • EPSS 0.41%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:34:35

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field.

6.1

CVE-2021-46679

  • EPSS 0.3%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:34:35

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.

6.1

CVE-2021-46678

  • EPSS 0.41%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:34:34

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field.

6.1

CVE-2021-46677

  • EPSS 0.41%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:34:34

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.

6.1

CVE-2021-46676

  • EPSS 0.3%
  • Veröffentlicht 05.08.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:34:34

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field.

8.8

CVE-2022-26310

  • EPSS 0.32%
  • Veröffentlicht 01.08.2022 13:15:10
  • Zuletzt bearbeitet 21.11.2024 06:53:44

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a ...