Vulnerabilities > Pandorafms > Pandora FMS

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-24515 Server-Side Request Forgery (SSRF) vulnerability in Pandorafms Pandora FMS
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS.
network
low complexity
pandorafms CWE-918
6.5
2023-08-22 CVE-2023-24516 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction.
network
low complexity
pandorafms CWE-79
5.4
2023-08-22 CVE-2023-24517 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands.
network
low complexity
pandorafms CWE-434
7.2
2023-06-13 CVE-2023-2807 Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.
network
low complexity
pandorafms CWE-290
critical
9.8
2023-02-15 CVE-2022-45436 Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS).
network
low complexity
pandorafms CWE-79
4.8
2023-02-15 CVE-2022-45437 Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS).
network
low complexity
pandorafms CWE-79
4.8
2023-02-15 CVE-2022-47372 Cross-Site Request Forgery (CSRF) vulnerability in Pandorafms Pandora FMS
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower.
network
low complexity
pandorafms CWE-352
5.4
2023-02-15 CVE-2022-47373 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower.
network
low complexity
pandorafms CWE-79
6.1
2023-01-27 CVE-2022-43978 Use of Hard-coded Credentials vulnerability in Pandorafms Pandora FMS
There is an improper authentication vulnerability in Pandora FMS v764.
network
high complexity
pandorafms CWE-798
3.7
2023-01-27 CVE-2022-43979 Path Traversal vulnerability in Pandorafms Pandora FMS
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764.
network
low complexity
pandorafms CWE-22
critical
9.8