Pandorafms: >> Pandora Fms >> 754 Security Vulnerabilities
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-08-05
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.
CVSS Score
5.8
EPSS Score
0.001
Published
2022-03-10
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
CVSS Score
9.8
EPSS Score
0.036
Published
2021-06-25
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-06-25
Page 3