Vulnerabilities > Artica > Pandora FMS

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-41810 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
6.1
6.1
2023-11-23 CVE-2023-41811 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
6.1
6.1
2023-11-23 CVE-2023-41812 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs.
network
low complexity
artica CWE-434
8.8
8.8
2023-11-23 CVE-2023-4677 Information Exposure Through Log Files vulnerability in Artica Pandora FMS
Cron log backup files contain administrator session IDs.
network
low complexity
artica CWE-532
critical
 9.8
9.8
2021-11-03 CVE-2021-36697 Injection vulnerability in Artica Pandora FMS
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component.
local
low complexity
artica CWE-74
4.6
4.6
2021-11-03 CVE-2021-36698 Cross-site Scripting vulnerability in Artica Pandora FMS
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
network
artica CWE-79
3.5
3.5
2021-06-30 CVE-2021-34075 Insufficiently Protected Credentials vulnerability in Artica Pandora FMS
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
network
artica CWE-522
4.3
4.3
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
7.5
7.5
2021-05-07 CVE-2021-32099 SQL Injection vulnerability in Artica Pandora FMS 742
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
network
low complexity
artica CWE-89
7.5
7.5
2021-05-07 CVE-2021-32100 Unspecified vulnerability in Artica Pandora FMS 742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
network
low complexity
artica
4.0
4.0