CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46677 – Vulnerability XSS in Event filter name field
https://notcve.org/view.php?id=CVE-2021-46677
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y anteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio del campo name del filtro de eventos • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46676 – Vulnerability XSS in Transaction Map name field
https://notcve.org/view.php?id=CVE-2021-46676
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y anteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio del campo name de los mapas transaccionales • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46679 – Vulnerability XSS in service elements
https://notcve.org/view.php?id=CVE-2021-46679
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y anteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio de elementos de servicio • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46681 – Vulnerability XSS in module mass operation name field
https://notcve.org/view.php?id=CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y posteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio del campo name de operación masiva del módulo • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26310 – Improper Authorization in User Management to Vertical Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-26310
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. Pandora FMS versión v7.0NG.760 y anteriores, permite una autorización inapropiada en la administración de usuarios donde cualquier usuario autenticado con acceso al módulo de administración de usuarios podría crear, modificar o eliminar cualquier usuario con privilegio de administrador completo. El impacto podría conllevar a una escalada vertical de privilegios para acceder a los privilegios de un usuario de nivel superior o típicamente un usuario administrador • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-285: Improper Authorization •