Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artica pandora fms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-41808
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 up to and including 773.
Artica Pandora Fms
6.1
CVSSv3
CVE-2023-41810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pando...
Artica Pandora Fms
6.1
CVSSv3
CVE-2023-41811
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affec...
Artica Pandora Fms
8.8
CVSSv3
CVE-2023-41812
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 u...
Artica Pandora Fms
4.8
CVSSv3
CVE-2022-45436
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Onc...
Pandorafms Pandora Fms 765
1 Github repository
4.8
CVSSv3
CVE-2022-45437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin u...
Pandorafms Pandora Fms 765
6.1
CVSSv3
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via module massive operation name field.
Artica Pandora Fms
6.7
CVSSv3
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code c...
Artica Pandora Fms
5.4
CVSSv3
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora Fms
5.9
CVSSv3
CVE-2021-34075
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
Artica Pandora Fms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »