Visual Console Module in Pandora FMS v767 and prior versions is vulnerable to Cross-site Scripting (XSS) leading to session hijacking and phishing attacks.

Visual Console Module in Pandora FMS v767 and prior versions is vulnerable to Cross-site Scripting (XSS) leading to session hijacking and phishing attacks.

CVE-2023-24514 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Learn more about our Phishing Simulation.