CVE-2022-47372
HIGHPandora FMS < 766 - Stored Cross-Site Scripting in Create Event Section
Title source: llmDescription
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.
References (2)
Core 2
Core References
Various Sources related
https://gist.github.com/damodarnaik/576c39162fce7da458d2f41f1cbe99e8
Scores
CVSS v3
7.6
EPSS
0.0023
EPSS Percentile
14.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
CWE-79
Status
published
Products (1)
pandorafms/pandora_fms
< 766
Published
Feb 15, 2023
Tracked Since
Feb 18, 2026