CVE-2022-45436
MEDIUMPandora FMS v765 - Stored Cross-Site Scripting in Network Map Name
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-45436. PoCs published by damodarnaik.
AI-analyzed exploit summary This repository contains a writeup describing a reflected XSS vulnerability in Pandora FMS <= v765 RRR. The exploit involves crafting a malicious URL with a payload in the 'b' parameter, which executes when visited by an admin user, potentially leading to session hijacking.
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.
Exploits (1)
This repository contains a writeup describing a reflected XSS vulnerability in Pandora FMS <= v765 RRR. The exploit involves crafting a malicious URL with a payload in the 'b' parameter, which executes when visited by an admin user, potentially leading to session hijacking.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N