CVE-2022-45437 MEDIUM

CVE-2022-45437: Stored cross-site scripting vulnerability in the reporting dashboard module

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-79 · XSS

Published February 15, 2023

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

Key dates

02Disclosure timeline

February 15, 2023 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45437 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-45437: Stored cross-site scripting vulnerability in the reporting dashboard module

01Description

02Disclosure timeline

03References

04Related CVE