Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pandora_fms
(Pandorafms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-22 | CVE-2023-24516 | Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. | Pandora_fms | 5.4 | ||
| 2023-08-22 | CVE-2023-24517 | Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | Pandora_fms | 7.2 | ||
| 2023-10-03 | CVE-2023-0828 | Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms. | Pandora_fms | 6.1 | ||
| 2023-10-03 | CVE-2023-24518 | A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | Pandora_fms | 7.1 | ||
| 2023-12-29 | CVE-2023-41813 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2023-12-29 | CVE-2023-41814 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2023-12-29 | CVE-2023-41815 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2023-12-29 | CVE-2023-44088 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 8.8 | ||
| 2023-12-29 | CVE-2023-44089 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2024-11-21 | CVE-2024-11320 | Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4 | Pandora_fms | 9.8 |