CVE-2022-45437: XSS
First published: Wed Feb 15 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.
Credit: cve-coordination@incibe.es cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pandorafms Pandora Fms | =765 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-45437?
CVE-2022-45437 is a vulnerability known as 'Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)', which affects Artica PFMS Pandora FMS v765.
How severe is CVE-2022-45437?
CVE-2022-45437 has a severity rating of 4.8 (Medium).
How does CVE-2022-45437 impact Artica PFMS Pandora FMS v765?
CVE-2022-45437 allows for Cross-Site Scripting (XSS) attacks in Artica PFMS Pandora FMS v765, where a user with edition privileges can create a payload in the reporting dashboard module.
How can an admin user observe the payload in Artica PFMS Pandora FMS v765?
An admin user in Artica PFMS Pandora FMS v765 can observe the payload created by a user with edition privileges.
What is the Common Weakness Enumeration (CWE) for CVE-2022-45437?
The CWE for CVE-2022-45437 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation (Cross-site Scripting).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/pandorafms
- canonical/pandorafms pandora fms
- version/pandorafms pandora fms/765