CVE-2023-0828: XSS
First published: Tue Oct 03 2023(Updated: )
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
Credit: cve-coordination@incibe.es cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pandorafms Pandora Fms | <=767 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-0828?
The severity of CVE-2023-0828 is medium with a CVSS v3.1 score of 6.1.
How does the Cross-site Scripting (XSS) vulnerability in the Syslog Section of Pandora FMS work?
The Cross-site Scripting (XSS) vulnerability allows an attacker to inject malicious scripts into the Syslog Section of Pandora FMS, which can then be executed by unsuspecting users.
Which version of Pandora FMS is affected by CVE-2023-0828?
Pandora FMS v767 and prior versions on all platforms are affected by CVE-2023-0828.
How can I fix CVE-2023-0828?
To fix CVE-2023-0828, it is recommended to upgrade to a patched version of Pandora FMS that addresses the Cross-site Scripting (XSS) vulnerability.
Where can I find more information about CVE-2023-0828?
More information about CVE-2023-0828 can be found at the following reference: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/pandorafms
- canonical/pandorafms pandora fms
- version/pandorafms pandora fms/767