CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-11749 – PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11749
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. Pandora FMS versiones 7.0 NG anteriores a 746 incluyéndola, sufre de múltiples vulnerabilidades de tipo XSS en diferentes vistas del navegador. Un administrador de red que escanea un dispositivo SNMP puede desencadenar un ataque de tipo Cross Site Scripting (XSS), que puede ejecutar código arbitrario para permitir una ejecución de código remota como root o apache2 • https://www.exploit-db.com/exploits/48707 https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC https://pandorafms.com/downloads/whats-new-747-EN.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19968
https://notcve.org/view.php?id=CVE-2019-19968
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. PandoraFMS versión 742, sufre de múltiples vulnerabilidades de tipo XSS, afectando a los componentes Agent Management, Report Builder, y Graph Builder. Un usuario autenticado puede inyectar contenido peligroso en un almacén de datos que luego es leído e incluido en un contenido dinámico. • https://k4m1ll0.com/cve-2019-19968.html https://pandorafms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •