Vulnerabilities > Pandorafms > Pandora FMS

DATE CVE VULNERABILITY TITLE RISK
2023-01-27 CVE-2022-43980 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality.
network
low complexity
pandorafms CWE-79
5.4
2022-03-10 CVE-2022-0507 SQL Injection vulnerability in Pandorafms Pandora FMS
Found a potential security vulnerability inside the Pandora API.
network
low complexity
pandorafms CWE-89
8.8
2021-06-25 CVE-2021-34074 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager.
network
low complexity
pandorafms CWE-434
7.5
2021-06-25 CVE-2021-35501 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console.
network
pandorafms CWE-79
3.5
2020-07-13 CVE-2020-11749 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views.
network
low complexity
pandorafms CWE-79
critical
9.0
2020-06-11 CVE-2020-13855 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-11 CVE-2020-13854 Improper Privilege Management vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows privilege escalation.
network
low complexity
pandorafms CWE-269
critical
10.0
2020-06-11 CVE-2020-13853 Cross-site Scripting vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
network
pandorafms CWE-79
3.5
2020-06-11 CVE-2020-13852 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-11 CVE-2020-13851 OS Command Injection vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
network
low complexity
pandorafms CWE-78
critical
9.0