PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
http://packetstormsecurity.com/files/163466/Pandora-FMS-7.54-Cross-Site-Scripting.html