Vulnerabilities > Pandorafms

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-24514 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc.
network
low complexity
pandorafms CWE-79
6.1
2023-08-22 CVE-2023-24515 Unspecified vulnerability in Pandorafms Pandora FMS
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS.
network
low complexity
pandorafms
6.5
2023-08-22 CVE-2023-24516 Unspecified vulnerability in Pandorafms Pandora FMS
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction.
network
low complexity
pandorafms
5.4
2023-08-22 CVE-2023-24517 Unspecified vulnerability in Pandorafms Pandora FMS
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands.
network
low complexity
pandorafms
7.2
2023-06-13 CVE-2023-2807 Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.
network
low complexity
pandorafms CWE-290
critical
9.8
2023-02-15 CVE-2022-45436 Unspecified vulnerability in Pandorafms Pandora FMS 765
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS).
network
low complexity
pandorafms
4.8
2023-02-15 CVE-2022-45437 Unspecified vulnerability in Pandorafms Pandora FMS 765
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS).
network
low complexity
pandorafms
4.8
2023-02-15 CVE-2022-47372 Unspecified vulnerability in Pandorafms Pandora FMS
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower.
network
low complexity
pandorafms
5.4
2023-02-15 CVE-2022-47373 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower.
network
low complexity
pandorafms CWE-79
6.1
2023-01-27 CVE-2022-43978 Use of Hard-coded Credentials vulnerability in Pandorafms Pandora FMS
There is an improper authentication vulnerability in Pandora FMS v764.
network
high complexity
pandorafms CWE-798
3.7