Vulnerability Details CVE-2023-41789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.7%
CVSS Severity
CVSS v3 Score 7.6
References
Products affected by CVE-2023-41789
-
cpe:2.3:a:artica:pandora_fms:700
-
cpe:2.3:a:artica:pandora_fms:740
-
cpe:2.3:a:artica:pandora_fms:741
-
cpe:2.3:a:artica:pandora_fms:742
-
cpe:2.3:a:artica:pandora_fms:743
-
cpe:2.3:a:artica:pandora_fms:744
-
cpe:2.3:a:artica:pandora_fms:745
-
cpe:2.3:a:artica:pandora_fms:746
-
cpe:2.3:a:artica:pandora_fms:747
-
cpe:2.3:a:artica:pandora_fms:748
-
cpe:2.3:a:artica:pandora_fms:749
-
cpe:2.3:a:artica:pandora_fms:750
-
cpe:2.3:a:artica:pandora_fms:751
-
cpe:2.3:a:artica:pandora_fms:752
-
cpe:2.3:a:artica:pandora_fms:753
-
cpe:2.3:a:artica:pandora_fms:754
-
cpe:2.3:a:artica:pandora_fms:755
-
cpe:2.3:a:artica:pandora_fms:773