CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41814 – XSS Vulnerability Messages
https://notcve.org/view.php?id=CVE-2023-41814
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Si... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41813 – User notification settings edition
https://notcve.org/view.php?id=CVE-2023-41813
29 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). Le permite editar las opciones de notificación del usuario ... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41812 – Uploading executables via the file manager
https://notcve.org/view.php?id=CVE-2023-41812
23 Nov 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permitía cargar archivos ejecutables... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41811 – Stored XSS Via Site News Page
https://notcve.org/view.php?id=CVE-2023-41811
23 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulner... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41810 – Stored XSS Via Dashboard Panel
https://notcve.org/view.php?id=CVE-2023-41810
23 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad perm... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41808 – Arbitrary File Read As Root Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41808
23 Nov 2023 — Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad de Gestión de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario no autorizado escalar y leer archivos confidenciales como si fueran root. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41807 – Linux Local Privilege Escalation Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41807
23 Nov 2023 — Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad de Gestión de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad permite a un usuario escalar permisos en el shell del sistema. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41806 – Misassignment of privileges can cause DOS attack
https://notcve.org/view.php?id=CVE-2023-41806
23 Nov 2023 — Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad de Gestión de Privilegios inadecuada en todo Pandora FMS permite Escalada de Privilegios. Esta vulnerabilidad provoca que una mala asignación de privilegios pueda provocar un ataque DOS que afecte a la dispon... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41792 – Lack of Authorization and Stored XSS Via SNMP Trap Editor Page
https://notcve.org/view.php?id=CVE-2023-41792
23 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad Cross-Site Request Forgery (CSRF) en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permitía que se ejecutara código Javascript en el Editor de capturas SNMP. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41791 – Lack of Authorization and Stored XSS Via Translation Abuse
https://notcve.org/view.php?id=CVE-2023-41791
23 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en P... • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •