CVE-2022-43980: XSS
First published: Fri Jan 27 2023(Updated: )
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pandorafms Pandora Fms | <766 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-43980.
What is the severity of CVE-2022-43980?
The severity of CVE-2022-43980 is medium, with a CVSS score of 5.4.
What is the affected software?
The affected software is Pandora FMS v765.
What is the type of vulnerability?
The vulnerability is a stored cross-site scripting (XSS) vulnerability.
How can an attacker exploit this vulnerability?
An attacker can modify a network map in Pandora FMS v765, including an XSS payload in the name, which can be executed when an admin user clicks on the edited network map.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/pandorafms
- canonical/pandorafms pandora fms