CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-8629

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v2 Score 4.3

References

http://blog.pandorafms.org/?p=3271
http://packetstormsecurity.com/files/129112/Pandora-FMS-5.1SP1-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2014/Nov/35
https://exchange.xforce.ibmcloud.com/vulnerabilities/98704
http://blog.pandorafms.org/?p=3271
http://packetstormsecurity.com/files/129112/Pandora-FMS-5.1SP1-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2014/Nov/35
https://exchange.xforce.ibmcloud.com/vulnerabilities/98704

Products affected by CVE-2014-8629

Pandorafms » Pandora Flexible Monitoring System » Version: Any

cpe:2.3:a:pandorafms:pandora_flexible_monitoring_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-8629

Products

Pricing

Contact Us