Unrated severityNVD Advisory· Published Nov 19, 2014· Updated May 6, 2026

CVE-2014-8629

Description

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

Affected products

Pandorafms/Pandora Flexible Monitoring System
cpe:2.3:a:pandorafms:pandora_flexible_monitoring_system:*:sp1:*:*:*:*:*:*
Range: <=5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.pandorafms.orgnvdPatch
packetstormsecurity.com/files/129112/Pandora-FMS-5.1SP1-Cross-Site-Scripting.htmlnvdExploit
seclists.org/fulldisclosure/2014/Nov/35nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/98704nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000