CVE-2022-45436

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-45436
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45436.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45436
Downstream
Published
2023-02-15T04:15:10.613Z
Modified
2026-03-14T12:00:10.943689Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45436.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "765"
            }
        ]
    }
]