EIP-2026-110461

PRE-CVE

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110461. PoCs published by Matthew Aberegg.

AI-analyzed exploit summary This exploit demonstrates multiple persistent XSS vulnerabilities in Pandora FMS 7.0 NG 749, targeting the 'Edit OS', 'Private Enterprise Numbers', and 'Module Template Management' functionalities. The PoC includes HTTP requests with malicious payloads in vulnerable parameters.

Description

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Matthew Aberegg · textwebappsphp

https://www.exploit-db.com/exploits/49139

View Code ZIP pw:eip

This exploit demonstrates multiple persistent XSS vulnerabilities in Pandora FMS 7.0 NG 749, targeting the 'Edit OS', 'Private Enterprise Numbers', and 'Module Template Management' functionalities. The PoC includes HTTP requests with malicious payloads in vulnerable parameters.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Pandora FMS 7.0 NG 749

Auth required

Prerequisites: Access to authenticated session (PHPSESSID) · Network access to target Pandora FMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026