CVE-2022-47372

HIGH

Pandora FMS < 766 - Stored Cross-Site Scripting in Create Event Section

Title source: llm
STIX 2.1

Description

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.

Scores

CVSS v3 7.6
EPSS 0.0023
EPSS Percentile 14.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
pandorafms/pandora_fms < 766
Published Feb 15, 2023
Tracked Since Feb 18, 2026