CVE-2022-43980 MEDIUM

CVE-2022-43980: Cross-site scripting vulnerability in the network maps edit functionality

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-352 · CSRF

Published January 27, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

5.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie.

Key dates

02Disclosure timeline

January 27, 2023 CVE published

March 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43980

Related vulnerabilities

04Related CVE

CVE-2024-30493 WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-39633 WordPress Grand Car Rental theme <= 3.6.9 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-22416 Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation CVE-2024-51686 WordPress Manage User Columns plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-32141 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability