CVE-2022-47373 PoC — Pandora FMS Console 跨站脚本漏洞

Source

https://github.com/Argonx21/CVE-2022-47373

Associated Vulnerability

Title:Pandora FMS Console 跨站脚本漏洞 (CVE-2022-47373)
Description:Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。Pandora是一个分析框架，用于发现文件是否可疑并方便地显示结果。 Pandora FMS Console v766及之前版本存在安全漏洞。攻击者利用该漏洞可以执行恶意JavaScript。

Description

Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766

Readme

# CVE-2022-47373
Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766


##### > Exploit Title: Reflected Cross Site Scripting
##### > Date: 15/02/2023
##### > Exploit Author: Gaurish Kauthankar
##### > Vendor Homepage: https://pandorafms.com/en/
##### > Software Link: https://github.com/pandorafms/pandorafms
##### > Version: <= v766
##### > Tested on: Ubuntu
##### > CVE : CVE-2022-47373


### Steps to reproduce:  
1. Add xss payload in the search functionality present in module library section.  
2. Observe payload execution.  
3. Now share the url containing xss payload with the victim user to steal cookies, redirecting to evil website, etc.

File Snapshot


 [4.0K]  /data/pocs/bdbb2fbb8f5dbdb58bc10aa2cca6d794ac7a4690
└── [ 665]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!