Vulnerabilities > Zabbix > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-35229 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users.
network
low complexity
zabbix CWE-79
5.4
5.4
2022-03-09 CVE-2022-24349 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24917 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24918 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
network
high complexity
zabbix fedoraproject CWE-79
4.4
4.4
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-01-27 CVE-2021-46088 Unspecified vulnerability in Zabbix
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE).
network
low complexity
zabbix
6.5
6.5
2022-01-13 CVE-2022-23131 Authentication Bypass by Spoofing vulnerability in Zabbix
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
network
high complexity
zabbix CWE-290
5.1
5.1
2022-01-13 CVE-2022-23133 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.
network
low complexity
zabbix fedoraproject CWE-79
5.4
5.4
2022-01-13 CVE-2022-23134 Improper Authentication vulnerability in multiple products
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.
network
low complexity
zabbix fedoraproject debian CWE-287
5.3
5.3
2021-03-03 CVE-2021-27927 Cross-Site Request Forgery (CSRF) vulnerability in Zabbix
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism.
network
zabbix CWE-352
6.8
6.8