Vulnerabilities > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | 9.8 |
| 2022-12-05 | CVE-2022-43515 | Incorrect Authorization vulnerability in Zabbix Frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. | 9.8 |
| 2022-09-14 | CVE-2022-40626 | Cross-site Scripting vulnerability in multiple products An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | 6.1 |
| 2022-07-06 | CVE-2022-35229 | Cross-site Scripting vulnerability in Zabbix An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. | 3.5 |
| 2022-07-06 | CVE-2022-35230 | Cross-site Scripting vulnerability in Zabbix An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. | 3.5 |
| 2022-03-09 | CVE-2022-24349 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. | 2.1 |
| 2022-03-09 | CVE-2022-24917 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. | 2.1 |
| 2022-03-09 | CVE-2022-24918 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. | 2.1 |
| 2022-03-09 | CVE-2022-24919 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. | 2.1 |
| 2022-01-27 | CVE-2021-46088 | Unspecified vulnerability in Zabbix Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). | 6.5 |