CVE-2022-2032: Stored Cross Site-Scripting in File Manager
First published: Mon Jul 25 2022(Updated: )
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | <=7.0_ng_761 |
Remedy
Fixed in v762
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Pandora FMS issue?
The vulnerability ID for this Pandora FMS issue is CVE-2022-2032.
What is the severity of CVE-2022-2032?
The severity of CVE-2022-2032 is medium with a severity value of 4.8.
What is the affected software version for CVE-2022-2032?
The affected software version for CVE-2022-2032 is Pandora FMS v7.0NG.761 and below.
How can an attacker exploit CVE-2022-2032?
An attacker with administrator privileges logged in the system can exploit CVE-2022-2032 by exploiting the vulnerable dirname parameter in the file manager section, allowing for Stored Cross-Site Scripting (XSS) attacks.
Are there any references for CVE-2022-2032?
Yes, there are references for CVE-2022-2032. You can find them at: - https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
- agent/references
- agent/type
- agent/softwarecombine
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pandorafms
- canonical/artica pandora fms
- version/artica pandora fms/7.0_ng_761