Vulnerabilities > Zabbix

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-43515 Incorrect Authorization vulnerability in Zabbix Frontend
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it.
network
low complexity
zabbix CWE-863
critical
 9.8
9.8
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
6.1
2022-07-06 CVE-2022-35229 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users.
network
low complexity
zabbix CWE-79
5.4
5.4
2022-07-06 CVE-2022-35230 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users.
network
low complexity
zabbix CWE-79
5.4
5.4
2022-03-09 CVE-2022-24349 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24917 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24918 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
network
high complexity
zabbix fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-01-27 CVE-2021-46088 Unspecified vulnerability in Zabbix
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE).
network
low complexity
zabbix
7.2
7.2
2022-01-13 CVE-2022-23131 Authentication Bypass by Spoofing vulnerability in Zabbix
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
network
low complexity
zabbix CWE-290
critical
 9.8
9.8