Vulnerabilities > Zabbix

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-43516 A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
network
low complexity
zabbix microsoft
critical
 9.8
9.8
2022-12-05 CVE-2022-43515 Incorrect Authorization vulnerability in Zabbix Frontend
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it.
network
low complexity
zabbix CWE-863
critical
 9.8
9.8
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
6.1
2022-07-06 CVE-2022-35229 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users.
network
zabbix CWE-79
3.5
3.5
2022-07-06 CVE-2022-35230 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users.
network
zabbix CWE-79
3.5
3.5
2022-03-09 CVE-2022-24349 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24917 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24918 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
network
high complexity
zabbix fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-01-27 CVE-2021-46088 Unspecified vulnerability in Zabbix
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE).
network
low complexity
zabbix
6.5
6.5