Vulnerabilities > Zabbix > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-06 | CVE-2022-35229 | Cross-site Scripting vulnerability in Zabbix An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. | 5.4 |
2022-03-09 | CVE-2022-24349 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. | 4.4 |
2022-03-09 | CVE-2022-24917 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. | 4.4 |
2022-03-09 | CVE-2022-24918 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. | 4.4 |
2022-03-09 | CVE-2022-24919 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. | 4.4 |
2022-01-27 | CVE-2021-46088 | Unspecified vulnerability in Zabbix Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). | 6.5 |
2022-01-13 | CVE-2022-23131 | Authentication Bypass by Spoofing vulnerability in Zabbix In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. | 5.1 |
2022-01-13 | CVE-2022-23133 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. | 5.4 |
2022-01-13 | CVE-2022-23134 | Improper Authentication vulnerability in multiple products After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. | 5.3 |
2021-03-03 | CVE-2021-27927 | Cross-Site Request Forgery (CSRF) vulnerability in Zabbix In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. | 6.8 |