CVE-2021-35501

CVE-2021-35501

EPSS 1.0%

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/163466/Pandora-FMS-7.54-Cross-Site-Scripting.html https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html