CVE-2023-41811 MEDIUM

CVE-2023-41811: Stored XSS Via Site News Page

Vendor Pandora Fms

Product Pandora FMS

Weakness CWE-79 · XSS

Published November 23, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.

Key dates

02Disclosure timeline

November 23, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-41811 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-54422 WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting CVE-2024-5879 HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget CVE-2021-41101 CORS `Access-Control-Allow-Origin` settings are too lenient