CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41793 – Path Traversal and Untrusted Upload File
https://notcve.org/view.php?id=CVE-2023-41793
19 Mar 2024 — : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. Vulnerabilidad de Path Traversal en Pandora FMS en todos permite Path Traversal. Esta vulnerabilidad permitía cambiar directorios y crear archivos y descargarlos fuera de los directorios permitidos. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-35: Path Traversal: '.../ •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44089 – XSS in Visual Console
https://notcve.org/view.php?id=CVE-2023-44089
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Era posible ejecutar código JS malicioso en consolas vis... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-44088 – SQL Injection in Visual Console
https://notcve.org/view.php?id=CVE-2023-44088
29 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyección SQL') en Pandora FMS on all permite la Inyección SQL. Se permitía ejecutar consultas SQL arbitrarias utilizando c... • https://packetstorm.news/files/id/190405 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41815 – XSS in File manager
https://notcve.org/view.php?id=CVE-2023-41815
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Se podría ejecutar código malicioso en la sección File Mana... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41814 – XSS Vulnerability Messages
https://notcve.org/view.php?id=CVE-2023-41814
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Si... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41813 – User notification settings edition
https://notcve.org/view.php?id=CVE-2023-41813
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Le permite editar las opciones de notificación del usuario ... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0828 – Stored Cross Site Scripting in syslog section
https://notcve.org/view.php?id=CVE-2023-0828
03 Oct 2023 — Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms. Una vulnerabilidad de Cross-site Scripting (XSS) en Syslog Section de Pandora FMS permite a un atacante hacer que el valor de la cookie del usuario se transfiera al servidor del usuario atacante. Este problema afecta a Pandora FMS versión v767 y versiones a... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24518 – Disabling the administrator's account through cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-24518
03 Oct 2023 — A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pandora FMS permite a un atacante obligar a los usuarios autenticados a enviar una solicitud a una aplicación web en la que están actualmente autenticados. Este problema afecta ... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 2CVE-2023-24517 – Remote Code Execution via Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2023-24517
22 Aug 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. Vulnerabilidad de subida no restringida de ficheros de tipo peligroso en el componente "File Manager" de Pandora FMS, podría permite a un atacante hacer uso de este problema (subida no restringida de ficheros)... • https://github.com/Argonx21/CVE-2023-24517 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24516 – Stored Cross Site Scripting - Special Days Module
https://notcve.org/view.php?id=CVE-2023-24516
22 Aug 2023 — Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. Una vulnerabilidad de Cross-site Scripting (XSS) en el componente Pandora FMS Special Days FMS permite a un atacante utilizarlo para robar el valor de la cookie de sesión de los usuarios administradores fácilmente con poca interacció... • https://gist.github.com/Argonx21/5ef4d123c975285b3a42835c8e81603a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •