Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandorafms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-46676
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via the transactional maps name field.
Pandorafms Pandora Fms
7.2
CVSSv3
CVE-2022-1648
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running app...
Pandorafms Pandora Fms
6.1
CVSSv3
CVE-2023-0828
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows malicious user to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
Pandorafms Pandora Fms
6.1
CVSSv3
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malic...
Pandorafms Pandora Fms
1 Github repository
7.8
CVSSv3
CVE-2019-13035
Artica Pandora FMS 7.0 NG prior to 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the...
Pandorafms Pandora Fms
5.4
CVSSv3
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page t...
Pandorafms Pandora Fms
6.1
CVSSv3
CVE-2021-46680
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via the module form name field.
Pandorafms Pandora Fms
9.8
CVSSv3
CVE-2022-43979
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to ove...
Pandorafms Pandora Fms
5.4
CVSSv3
CVE-2021-35501
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
Pandorafms Pandora Fms
6.1
CVSSv3
CVE-2023-41815
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 up to and i...
Pandorafms Pandora Fms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »