{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:54:34.081","vulnerabilities":[{"cve":{"id":"CVE-2022-47373","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-02-15T04:15:11.093","lastModified":"2024-11-21T07:31:51.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload."},{"lang":"es","value":"Cross-Site Scripting reflejado en la funcionalidad de búsqueda de la librería de módulos en la consola de Pandora FMS v766 e inferiores. Esta vulnerabilidad surge en la funcionalidad de olvido de contraseña donde el parámetro nombre de usuario no tiene una validación/sanitización de entrada adecuada, resultando en la ejecución de payload JavaScript malicioso."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*","versionEndIncluding":"766","matchCriteriaId":"5FC63B93-A766-461F-9877-4D51E1865E84"}]}]}],"references":[{"url":"https://github.com/Argonx21/CVE-2022-47373","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"cve-coordination@incibe.es","tags":["Vendor Advisory"]},{"url":"https://github.com/Argonx21/CVE-2022-47373","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}