Vulnerabilities > Artica > Pandora FMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-41786 Exposure of Resource to Wrong Sphere vulnerability in Artica Pandora FMS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery.
network
low complexity
artica CWE-668
6.5
6.5
2023-11-23 CVE-2023-41789 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
6.1
6.1
2023-11-23 CVE-2023-41791 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
5.4
5.4
2023-11-23 CVE-2023-41792 Cross-Site Request Forgery (CSRF) vulnerability in Artica Pandora FMS
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-352
6.1
6.1
2023-11-23 CVE-2023-41810 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
6.1
6.1
2023-11-23 CVE-2023-41811 Cross-site Scripting vulnerability in Artica Pandora FMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).
network
low complexity
artica CWE-79
6.1
6.1
2021-11-03 CVE-2021-36697 Injection vulnerability in Artica Pandora FMS
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component.
local
low complexity
artica CWE-74
4.6
4.6
2021-06-30 CVE-2021-34075 Insufficiently Protected Credentials vulnerability in Artica Pandora FMS
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
network
artica CWE-522
4.3
4.3
2021-05-07 CVE-2021-32100 Unspecified vulnerability in Artica Pandora FMS 742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
network
low complexity
artica
4.0
4.0
2020-03-23 CVE-2020-8511 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
network
low complexity
artica CWE-434
6.5
6.5