{ "id": "CVE-2023-41814", "sourceIdentifier": "security@pandorafms.com", "published": "2023-12-29T12:15:43.487", "lastModified": "2023-12-29T13:56:23.013", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u00a0This issue affects Pandora FMS: from 700 through 774." }, { "lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Pandora FMS on all permite Cross-Site Scripting (XSS). A trav\u00e9s de un paylaod HTML (etiqueta iframe) es posible realizar ataques XSS cuando el usuario que recibe los mensajes abre sus notificaciones. Este problema afecta a Pandora FMS: del 700 al 774." } ], "metrics": { "cvssMetricV31": [ { "source": "security@pandorafms.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" }, "exploitabilityScore": 1.2, "impactScore": 2.5 } ] }, "weaknesses": [ { "source": "security@pandorafms.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "references": [ { "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "source": "security@pandorafms.com" } ] }