CVE-2019-19968: XSS
First published: Tue Feb 04 2020(Updated: )
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pandorafms Pandora Fms | =742 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-19968?
CVE-2019-19968 is a vulnerability found in PandoraFMS version 742 that allows authenticated users to inject dangerous content into a data store.
What components of PandoraFMS are affected by CVE-2019-19968?
CVE-2019-19968 affects the Agent Management, Report Builder, and Graph Builder components of PandoraFMS.
How can an authenticated user exploit CVE-2019-19968?
An authenticated user can exploit CVE-2019-19968 by injecting dangerous content into a data store, which is later included in dynamic content.
What is the severity of CVE-2019-19968?
CVE-2019-19968 has a severity rating of 5.4, which is considered medium.
How can I mitigate CVE-2019-19968?
To mitigate CVE-2019-19968, it is recommended to upgrade to a patched version of PandoraFMS that addresses the XSS vulnerabilities.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- vendor/pandorafms
- canonical/pandorafms pandora fms
- version/pandorafms pandora fms/742