{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T04:01:17.206","vulnerabilities":[{"cve":{"id":"CVE-2022-45436","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-02-15T04:15:10.613","lastModified":"2024-11-21T07:29:15.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.\n\n"},{"lang":"es","value":"Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de la página web en Artica PFMS Pandora FMS v765 en todas las plataformas, permite Cross-Site Scripting (XSS). Como usuario con privilegios de administrador, crea un mapa de red que contiene el nombre como payload xss. Una vez creado, el usuario administrador debe hacer clic en la edición de mapas de red y se ejecutará el payload XSS, que podría ser utilizado para robar el valor de la cookie de los usuarios administradores."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pandorafms:pandora_fms:765:*:*:*:*:*:*:*","matchCriteriaId":"09E9C019-B213-42AF-8555-3ACBA24596FD"}]}]}],"references":[{"url":"https://gist.github.com/damodarnaik/ac07a179972cd4d508f246e9bc5500e7","source":"cve-coordination@incibe.es"},{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"cve-coordination@incibe.es","tags":["Vendor Advisory"]},{"url":"https://gist.github.com/damodarnaik/ac07a179972cd4d508f246e9bc5500e7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}