CVE-2023-41791: Lack of Authorization and Stored XSS Via Translation Abuse
First published: Thu Nov 23 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | >=700<=773 |
Remedy
Fixed in v774 in v772.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2023-41791.
What is the severity level of CVE-2023-41791?
The severity level of CVE-2023-41791 is high (8.4).
What is the affected software for CVE-2023-41791?
The affected software for CVE-2023-41791 is Artica Pandora FMS version 700 to 773.
What is the CWE (Common Weakness Enumeration) category of CVE-2023-41791?
The CWE category of CVE-2023-41791 is CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can I fix CVE-2023-41791?
To fix CVE-2023-41791, it is recommended to update the Artica Pandora FMS software to a version that includes the necessary patches to address this vulnerability.
- collector/nvd-api
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/700
- version/artica pandora fms/773