Vulnerabilities > Zabbix > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
2022-07-06 CVE-2022-35229 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users.
network
low complexity
zabbix CWE-79
5.4
2022-07-06 CVE-2022-35230 Cross-site Scripting vulnerability in Zabbix
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users.
network
low complexity
zabbix CWE-79
5.4
2022-03-09 CVE-2022-24349 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
2022-03-09 CVE-2022-24917 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
2022-03-09 CVE-2022-24918 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
network
high complexity
zabbix fedoraproject CWE-79
4.4
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
2022-01-13 CVE-2022-23133 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.
network
low complexity
zabbix fedoraproject CWE-79
5.4
2022-01-13 CVE-2022-23134 Improper Authentication vulnerability in multiple products
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.
network
low complexity
zabbix fedoraproject debian CWE-287
5.3
2020-07-17 CVE-2020-15803 Cross-site Scripting vulnerability in multiple products
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
network
low complexity
zabbix fedoraproject debian opensuse CWE-79
6.1