CVE-2023-41815

7.5 HIGH

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in Pandora FMS that allows attackers to inject malicious scripts into the File Manager section. When exploited, this could enable session hijacking, credential theft, or unauthorized actions. All Pandora FMS installations from version 700 through 774 are affected.

💻 Affected Systems

Products:
  • Pandora FMS
Versions: 700 through 774
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of administrator accounts leading to full system takeover, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Session hijacking of authenticated users, credential theft, and unauthorized file operations through the File Manager.

🟢 If Mitigated: Limited impact with proper input validation and output encoding, potentially only affecting the specific user session.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities are commonly weaponized, though this requires authenticated access to the File Manager section.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 775 and later

Vendor Advisory: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Restart Required: Yes

Instructions:

1. Back up your current installation.
2. Download Pandora FMS version 775 or later from the official website.
3. Follow the upgrade instructions in the documentation.
4. Restart all Pandora FMS services.

🔧 Temporary Workarounds

Input Validation Enhancement (all platforms)

Implement additional input validation and output encoding for File Manager inputs. This requires custom code modifications to sanitize user inputs in the File Manager module.

🧯 If You Can't Patch

  • Restrict access to the File Manager section to only trusted administrators
  • Implement a Web Application Firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check your Pandora FMS version via the web interface or configuration files. If the version is between 700 and 774 inclusive, the installation is vulnerable.

Check Version:

Check /etc/pandora/pandora_server.conf or the About section in the web interface

Verify Fix Applied:

After upgrading to version 775 or later, verify the version number and test File Manager functionality for proper input sanitization.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file operations in File Manager logs
  • Suspicious JavaScript payloads in access logs

Network Indicators:

  • Unexpected JavaScript execution in File Manager requests

SIEM Query:

source="pandora_fms" AND ("File Manager" OR "file_manager") AND ("script" OR "javascript" OR "onerror" OR "onload")
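
The SIEM query above matches raw keywords, but values in web access logs are normally percent-encoded, sometimes more than once. The following is an added example (not Pandora FMS code and not part of the vendor advisory) that applies the same keyword logic to access-log lines after URL-decoding; the log format, request paths, parameter names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Same keyword sets as the SIEM query on this page.
SECTION_TERMS = ("file manager", "file_manager")
SCRIPT_TERMS = ("script", "javascript", "onerror", "onload")
# Request part of a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_target(target, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def suspicious_requests(lines):
    """Return (line_number, matched_terms) for File Manager requests carrying script keywords."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = decode_target(match.group("target"))
        if not any(term in target for term in SECTION_TERMS):
            continue
        terms = [t for t in SCRIPT_TERMS if t in target]
        if terms:
            hits.append((number, terms))
    return hits


# Constructed sample lines; paths and parameters are illustrative, not Pandora FMS's real ones.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /console/index.php?sec2=file_manager HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "POST /console/index.php?sec2=file_manager&name=%3Cimg%20src%3Dx%20onerror%3D1%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /console/index.php?sec2=file_manager&dir=%253Cscript%253E HTTP/1.1" 200 640',
    '10.0.0.7 - - [01/Jan/2024:10:03:00 +0000] "GET /console/index.php?sec2=agents&q=javascript HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, terms in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {', '.join(terms)}")
```

Substring keywords such as "script" also match benign values (for example "description"), so treat the output as triage input rather than a verdict.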
