CVE-2022-45436 MEDIUM

CVE-2022-45436: Stored cross-site scripting vulnerability in network maps editor feature

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-79 · XSS

Published February 15, 2023

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.

Key dates

02Disclosure timeline

February 15, 2023 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45436

Related vulnerabilities

04Related CVE

CVE-2025-32207 WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability CVE-2025-14449 BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode CVE-2026-3178 Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' CVE-2023-1354 SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System register.php cross site scripting CVE-2022-4413 Cross-site Scripting (XSS) - Reflected in nuxt/framework