CVE-2022-43980 PoC — Cross-site scripting vulnerability in the network maps edit functionality

Associated Vulnerability
Title: Cross-site scripting vulnerability in the network maps edit functionality (CVE-2022-43980)
Description: There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, deliberately setting its name to an XSS payload. Once created, if a user with admin privileges clicks on the edited network map, the XSS payload will be executed. Exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie.
Description
Stored Cross Site Scripting Vulnerability in the network maps edit functionality
Readme
# CVE-2022-43980
Stored Cross Site Scripting Vulnerability in the network maps edit functionality of PandoraFMS <= Package v765 RRR.



##### > Exploit Title: Stored Cross Site Scripting
##### > Date: 15/02/2023
##### > Exploit Author: Gaurish Kauthankar
##### > Vendor Homepage: https://pandorafms.com/en/
##### > Software Link: https://github.com/pandorafms/pandorafms
##### > Version: <= v765 RRR
##### > Tested on: Ubuntu
##### > CVE ID: CVE-2022-43980


### Steps to reproduce
1. As a low-privilege user, create a network map whose name is an XSS payload.
2. Once the map is created, an admin user must click on the edit network maps link.
3. The XSS payload will be executed, which could be used for stealing the admin user's cookie value, etc.
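
From the defender's side, the two checks this report calls for are finding map names that already carry markup and encoding the name wherever it is rendered. The following is an added example, not code from Pandora FMS or from the PoC author; the sample rows are constructed, and the `edit_map` parameter and function names are hypothetical.

```python
import html
import re

# Constructed sample rows (id, owner, name); not taken from a real Pandora FMS database.
SAMPLE_MAPS = [
    (1, "admin", "Core switches"),
    (2, "operator1", "DMZ & edge routers"),
    (3, "operator1", 'Lab"><script>/*constructed marker*/</script>'),
    (4, "operator2", "Branch <b>office</b>"),
]

# A tag opener, an inline event handler or a javascript: URL has no place in a display name.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def suspicious_maps(rows):
    """Return (id, owner) for every stored map whose name contains HTML/script markup."""
    return [(map_id, owner) for map_id, owner, name in rows if MARKUP.search(name)]


def render_edit_link(map_id, name):
    """Build the edit link with the name encoded for an HTML text context.

    The `edit_map` query parameter is a hypothetical stand-in for the real route.
    """
    return '<a href="?edit_map=%d">%s</a>' % (int(map_id), html.escape(name, quote=True))


if __name__ == "__main__":
    for map_id, owner in suspicious_maps(SAMPLE_MAPS):
        print("review map %d created by %s" % (map_id, owner))
    for map_id, _owner, name in SAMPLE_MAPS:
        print(render_edit_link(map_id, name))
```

The audit identifies which low-privilege accounts created the flagged maps; the encoding step is what keeps a stored name inert when an admin opens the edit view.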