Pandora FMS 3.x – ‘index.php’ Cross-Site Scripting

Exploit Database
112 阅读

作者： mehdi boukazoula

日期： 2011-08-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36073/

source: https://www.securityfocus.com/bid/49261/info

Pandora FMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Pandora FMS 3.2.1 is vulnerable; other versions may also be affected.

http://www.example.com/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id=12&offset=0&search=bob%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E

last Exploits
Pandora FMS 3.x – ‘index.php’ Cross-Site Scripting的更多信息

vBulletin 4.x/5.x – AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting：
WordPress Plugin CataBlog 1.6 – ‘admin.php’ Cross-Site Scripting：
NotrinosERP 0.7 – Authenticated Blind SQL Injection：
Easy Car Script 2014 – SQL Injection：
NUUO NVRmini – ‘upgrade_handle.php’ Remote Command Execution：
m0n0wall 1.33 – Multiple Cross-Site Request Forgery Vulnerabilities：
Caucho Resin – ‘index.php?logout’ Cross-Site Scripting：
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)：