Lucene search

INCIBECVE-2022-2032

HistoryJul 25, 2022 - 6:22 p.m.

CVE-2022-2032

2022-07-2518:22:51

CWE-79

INCIBE

web.nvd.nist.gov

cve-2022-2032

pandora fms

v7.0ng.761

stored cross site-scripting

file manager

security vulnerability

nvd

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

Affected configurations

Nvd

Vulners

Node

pandorafmspandora_fmsRange≤7.0_ng_761

VendorProductVersionCPE
pandorafmspandora_fms*cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pandorafms	pandora_fms	*	cpe:2.3:a:pandorafms:pandora_fms::::::::

CNA Affected

[
  {
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThanOrEqual": "v761",
        "status": "affected",
        "version": "v761",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

www.incibe.es/en/cve-assignment-publication/coordinated-cves

Social References