{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-24516","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2023-01-25T13:49:34.265Z","datePublished":"2023-08-22T13:03:39.181Z","dateUpdated":"2024-09-06T14:13:21.668Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["All"],"product":"Pandora FMS","vendor":"Artica PFMS","versions":[{"lessThanOrEqual":"v767","status":"affected","version":"v0","versionType":"custom"}]}],"datePublic":"2023-02-22T11:25:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal  the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms."}],"value":"Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal  the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms."}],"impacts":[{"capecId":"CAPEC-592","descriptions":[{"lang":"en","value":"CAPEC-592 Stored XSS"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2023-10-16T09:48:30.086Z"},"references":[{"tags":["vendor-advisory"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"},{"tags":["related"],"url":"https://gist.github.com/Argonx21/5ef4d123c975285b3a42835c8e81603a"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Fixed in v769<br>"}],"value":"Fixed in v769\n"}],"source":{"discovery":"EXTERNAL"},"title":"Stored Cross Site Scripting - Special Days Module","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:56:04.230Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"},{"tags":["related","x_transferred"],"url":"https://gist.github.com/Argonx21/5ef4d123c975285b3a42835c8e81603a"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-06T14:06:57.184142Z","id":"CVE-2023-24516","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-06T14:13:21.668Z"}}]}}