Vulnerability Description
Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views. A network administrator scanning an SNMP device can trigger a Cross-Site Scripting (XSS) payload, which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pandorafms | Pandora Fms | >= 7.0_ng, <= 746 |
Related Weaknesses (CWE)
References
- https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b852
- https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Inser (Exploit, Third Party Advisory, VDB Entry)
- https://pandorafms.com/downloads/whats-new-747-EN.pdf (Release Notes, Vendor Advisory)
- https://www.exploit-db.com/exploits/48707 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2020-11749?
CVE-2020-11749 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views. A network administrator scanning an SNMP device can trigger a Cross-Site Scripting (XSS) payload, which can run a...
How severe is CVE-2020-11749?
CVE-2020-11749 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-11749?
Check the references section above for vendor advisories and patch information. Affected products include: Pandorafms Pandora Fms.