CVE-2023-41811: Stored XSS Via Site News Page
First published: Thu Nov 23 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | >=700<=773 |
Remedy
Fixed in v774 and v772.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-41811?
CVE-2023-41811 is a vulnerability in Pandora FMS that allows for stored cross-site scripting (XSS) attacks via the site news page.
What is the severity of CVE-2023-41811?
CVE-2023-41811 has a severity rating of medium.
How does CVE-2023-41811 affect Pandora FMS?
CVE-2023-41811 affects Pandora FMS versions 700 through 773.
What is cross-site scripting (XSS)?
Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
How can I fix CVE-2023-41811 in Pandora FMS?
To fix CVE-2023-41811 in Pandora FMS, you should update to the latest version available and ensure that all input in the news section of the web console is properly validated and sanitized to prevent XSS attacks.
- collector/nvd-api
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/700
- version/artica pandora fms/773