Share:

CVE-2021-35501 - Pandorafms Pandora Fms

June 25, 2021

Moderate 5.4

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

Affected software

Pandorafms Pandora Fms

Reference links

https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.