First published: Fri Jan 27 2023
There is a stored cross-site scripting vulnerability in the network map editing functionality of Pandora FMS v765. An attacker could modify a network map and deliberately set its name to an XSS payload. Once created, if a user with admin privileges clicks on the edited network map, the XSS payload will be executed. Exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie.
Credit: cve-coordination@incibe.es
Affected Software | Affected Version | How to fix |
---|---|---|
Pandorafms Pandora Fms | <766 | |
The vulnerability ID is CVE-2022-43980.
The severity of CVE-2022-43980 is medium, with a CVSS score of 5.4.
The affected software is Pandora FMS v765.
The vulnerability is a stored cross-site scripting (XSS) vulnerability.
An attacker can modify a network map in Pandora FMS v765, including an XSS payload in the name, which can be executed when an admin user clicks on the edited network map.