CVE-2022-47372 HIGH

CVE-2022-47372: Stored cross-site scripting vulnerability in create event section

Vendor Artica Pfms
Product Pandora FMS
Weakness CWE-352 · CSRF
Published February 15, 2023
Last update March 18, 2025
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.

Key dates

02Disclosure timeline

February 15, 2023 CVE published
March 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin) CVE-2025-48115 WordPress ValidateCertify plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-58217 WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2025-14999 Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update CVE-2022-25599 WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability