A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/