Vulnerabilities > Pandorafms > Pandora FMS > 7.0.ng.760

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-2032 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting.
network
low complexity
pandorafms CWE-79
4.8
4.8
2022-07-25 CVE-2022-2059 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting.
network
low complexity
pandorafms CWE-79
4.8
4.8
2022-03-10 CVE-2022-0507 SQL Injection vulnerability in Pandorafms Pandora FMS
Found a potential security vulnerability inside the Pandora API.
network
low complexity
pandorafms CWE-89
8.8
8.8
2021-06-25 CVE-2021-34074 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager.
network
low complexity
pandorafms CWE-434
critical
 9.8
9.8
2021-06-25 CVE-2021-35501 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console.
network
low complexity
pandorafms CWE-79
5.4
5.4
2020-07-13 CVE-2020-11749 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views.
network
low complexity
pandorafms CWE-79
critical
 9.0
9.0