EIP-2026-110465
PRE-CVEPandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110465. PoCs published by Emre ÖVÜNÇ.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Pandora FMS 7.0 NG 747 by manipulating the 'filename' parameter in a POST request to inject malicious JavaScript. The payload is executed when a user views the crafted attachment in the 'Issues' section.
Description
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
by Emre ÖVÜNÇ · textwebappsphp
https://www.exploit-db.com/exploits/48700
This exploit demonstrates a stored XSS vulnerability in Pandora FMS 7.0 NG 747 by manipulating the 'filename' parameter in a POST request to inject malicious JavaScript. The payload is executed when a user views the crafted attachment in the 'Issues' section.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Pandora FMS 7.0 NG 747
Auth required
Prerequisites:
Valid session cookie (PHPSESSID) · Access to the 'Workspace >> Issues' section
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026