Multiple XSS on PandoraFMS 7.0 NG ≤ 746
XSS is dangerous, and especially so here: an authenticated user can run 'arbitrary' commands, so an XSS against a logged-in session can be chained to RCE.
In April I sent an email to PandoraFMS, but I did not receive any confirmation from PandoraFMS regarding these multiple XSS.
Reflected XSS on SNMP Browser
I did not verify it properly, but I assume it is fixed in PandoraFMS 7.0 NG 746.
1. /etc/snmp/snmpd.conf
http://IP/pandora_console/index.php?sec=snmpconsole&sec2=operation/snmpconsole/snmp_browser
The snmpd.conf used here is available for download: snmpd.conf
Reflected XSS
2. Discovery > Host & Devices > Network Scan
http://IP/pandora_console/index.php?sec=godmode/servers/discovery&wiz=hd&sec2=godmode/servers/discovery&wiz=hd&mode=netscan
Click Next and the XSS triggers.
Stored XSS
3. Visual Styles
http://IP/pandora_console/index.php?sec=general&sec2=godmode/setup/setup&section=vis
4. Profiles > Modules Tags > Create Tag
http://IP/pandora_console/index.php?sec=gusuarios&sec2=godmode/tag/tag
5. Stored XSS in 'System logfiles'
http://IP/pandora_console/index.php?sec=godmode/extensions&sec2=extensions/pandora_logs
The malicious input is entered in General setup:
http://IP/pandora_console/index.php?sec=general&sec2=godmode/setup/setup&section=general
After clicking the 'Update' button, navigate to 'System logfiles' and the XSS triggers.
6. Stored XSS on Manage agent groups
Profiles > Manage agent groups
http://IP/pandora_console/index.php?sec=gusuarios&sec2=godmode/groups/group_list
To trigger the XSS, hover the mouse cursor over the icon.
7. Stored XSS on Network Map
http://IP/pandora_console/index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=hd&mode=customnetscan
Click Finish.
Now, to trigger the XSS, navigate to
http://IP/pandora_console/index.php?sec=network&sec2=operation/agentes/pandora_networkmap and click Create Network Map.
8. Stored XSS on View Events
Events > View Events
http://IP/pandora_console/index.php?sec=eventos&sec2=operation/events/events
Click any event name and go to the comments area; the payload is stored as a comment.
When you open the same event again to view its details, the XSS triggers again.
9. Stored XSS on List of special days
Alerts > List of special days
http://IP/pandora_console/index.php?sec=galertas&sec2=godmode/alerts/alert_special_days
To trigger the XSS, hover the mouse cursor over the exclamation-mark icon.
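The write-up names the pages and the trigger actions (click Next, hover over an icon, reopen an event) but not the payloads or the HTML context they land in. The following is an added example, not part of the original post and not PandoraFMS code: a generic checker for telling reflected-but-encoded output from reflected-raw output, and for classifying where a reflection lands, since a hover-triggered payload usually means an attribute such as title or an event handler, while a click-triggered one is more often element text or a script block. The canary string, the entity table and the sample responses are all constructed for the example; they are not captured PandoraFMS responses and make no claim about which parameter is vulnerable on any of the pages above.

```python
import html

# Constructed canary (assumption, not from the write-up): a unique prefix
# followed by the four characters an HTML encoder must neutralise.
PREFIX = "xss7q"
PROBES = "\"'<>"
CANARY = PREFIX + PROBES

# Accepted encoded spellings of each probe character (lower-case, compared
# case-insensitively). html.escape() emits &quot; and &#x27;.
ENTITIES = {
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#039;", "&#39;", "&#x27;", "&apos;"),
    "<": ("&lt;", "&#60;", "&#x3c;"),
    ">": ("&gt;", "&#62;", "&#x3e;"),
}


def probe_survival(body: str) -> dict:
    """Report how each probe character came back right after the prefix.

    Values are 'raw' (unchanged), 'encoded' (an HTML entity), 'stripped'
    (removed by the server) or None when the prefix itself is absent.
    The probes are consumed sequentially so a raw '<' from the canary is
    never confused with the '<' of the next tag.
    """
    pos = body.find(PREFIX)
    if pos < 0:
        return {c: None for c in PROBES}
    pos += len(PREFIX)
    result = {}
    for c in PROBES:
        if body.startswith(c, pos):
            result[c] = "raw"
            pos += 1
            continue
        for ent in ENTITIES[c]:
            if body[pos:pos + len(ent)].lower() == ent:
                result[c] = "encoded"
                pos += len(ent)
                break
        else:
            result[c] = "stripped"
    return result


def context(body: str) -> str:
    """Where the reflection lands: 'none', 'script', 'attribute' or 'text'."""
    pos = body.find(PREFIX)
    if pos < 0:
        return "none"
    before = body[:pos].lower()
    if before.rfind("<script") > before.rfind("</script"):
        return "script"
    # An unclosed '<' after the last '>' means we are inside a tag.
    if before.rfind("<") > before.rfind(">"):
        return "attribute"
    return "text"


def verdict(body: str) -> str:
    """Combine context and survival into 'absent', 'safe' or 'injectable'."""
    ctx = context(body)
    if ctx == "none":
        return "absent"
    surv = probe_survival(body)
    if ctx == "script":
        # Any raw quote or angle bracket can break a string or the element.
        dangerous = any(v == "raw" for v in surv.values())
    elif ctx == "attribute":
        # Only the quote that delimits this attribute matters for breakout;
        # an unquoted attribute value is ended by '>' instead.
        before = body[:body.find(PREFIX)]
        eq = before.rfind("=")
        delim = before[eq + 1] if 0 <= eq < len(before) - 1 else ""
        dangerous = surv[delim] == "raw" if delim in "\"'" and delim else surv[">"] == "raw"
    else:
        dangerous = surv["<"] == "raw"
    return "injectable" if dangerous else "safe"


# Constructed sample responses (not captured from PandoraFMS).
SAMPLES = {
    "encoded_text": "<td>" + html.escape(CANARY) + "</td>",
    "raw_text": "<td>" + CANARY + "</td>",
    "quote_in_attr": '<img src="x.png" title="' + PREFIX + "\"'&lt;&gt;" + '">',
    "encoded_attr": '<img src="x.png" title="' + html.escape(CANARY) + '">',
    "single_quoted": "<a href='#' title='" + PREFIX + "\"'" + "'>",
    "no_reflection": "<td>nothing here</td>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:14s} {context(body):9s} {verdict(body)}")
```

The quote_in_attr sample is the shape behind hover-triggered findings: angle brackets are encoded, so a naive check would call it safe, but the raw double quote closes the title attribute and lets an onmouseover handler follow. Run the same canary through each form on the pages listed above and read the verdict per context rather than grepping for a raw `<script>`.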