Vulnerability Description
A Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to steal the session cookie value of admin users with little user interaction. This issue affects Pandora FMS v767 and prior versions on all platforms.
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pandorafms | Pandora Fms | <= 767 |
Related Weaknesses (CWE)
References
- https://gist.github.com/Argonx21/5ef4d123c975285b3a42835c8e81603a (Exploit, Third Party Advisory)
- https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ (Vendor Advisory)
FAQ
What is CVE-2023-24516?
CVE-2023-24516 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to steal the session cookie value of admin users with little user interaction. T...
How severe is CVE-2023-24516?
CVE-2023-24516 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-24516?
Check the references section above for vendor advisories and patch information. Affected products include: Pandorafms Pandora Fms.