CVE-2022-43980 PoC: PandoraFMS Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
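Title: PandoraFMS Cross-Site Scripting Vulnerability (CVE-2022-43980)
Description: PandoraFMS is application software from the US company PandoraFMS that provides monitoring functionality. PandoraFMS v765 contains a security vulnerability caused by a stored cross-site scripting flaw; an attacker who exploits it may be able to steal the cookie value of an administrator user.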
Description
Stored Cross Site Scripting Vulnerability in the network maps edit functionality
Readme
# CVE-2022-43980
Stored Cross Site Scripting Vulnerability in the network maps edit functionality of PandoraFMS <= Package v765 RRR.



##### > Exploit Title: Stored Cross Site Scripting
##### > Date: 15/02/2023
##### > Exploit Author: Gaurish Kauthankar
##### > Vendor Homepage: https://pandorafms.com/en/
##### > Software Link: https://github.com/pandorafms/pandorafms
##### > Version: <= v765 RRR
##### > Tested on: Ubuntu
##### > CVE ID: CVE-2022-43980


### Steps to reproduce
1. As a low-privilege user, create a network map whose name is an XSS payload.  
2. Once it is created, an admin user must click on the edit network maps link.  
3. The XSS payload is then executed, which could be used for stealing the admin user's cookie value, etc.
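
The steps above come down to a stored map name being written into the admin's edit page without encoding. As an added example (not part of the original README and not PandoraFMS code; the function names, the `edit_map` parameter and the sample rows are assumptions), the unencoded rendering is shown beside an output-encoded one, with an allow-list check at save time:

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from PandoraFMS.

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Save-time check: accept only letters, digits, space, '_', '.', '-' (1-100 chars). */
function is_valid_map_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,100}\z/u', $name) === 1;
}

/** Vulnerable pattern: the stored name is concatenated into markup unencoded. */
function render_edit_link_unsafe(int $id, string $name): string
{
    return '<a href="?edit_map=' . $id . '" title="' . $name . '">' . $name . '</a>';
}

/** Hardened pattern: same markup, but the name is encoded at output. */
function render_edit_link(int $id, string $name): string
{
    return '<a href="?edit_map=' . $id . '" title="' . e($name) . '">' . e($name) . '</a>';
}

// Constructed sample rows: one ordinary name, one carrying markup.
$maps = [
    [1, 'Core switches'],
    [2, '"><script>alert(1)</script>'],
];

foreach ($maps as [$id, $name]) {
    printf("valid at save: %s\n", is_valid_map_name($name) ? 'yes' : 'no');
    printf("unsafe:   %s\n", render_edit_link_unsafe($id, $name));
    printf("hardened: %s\n\n", render_edit_link($id, $name));
}
```

Encoding at output is the control that matters, because names already stored before a save-time check was introduced would otherwise still render as markup. Marking the session cookie `HttpOnly` limits the cookie theft mentioned in step 3 but does not remove the script execution itself.
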
File Snapshot

[4.0K] /data/pocs/4b3c2a26d4f7d0f99fed98319675f2e58a50949b
└── [ 734] README.md

0 directories, 1 file