In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/