Vulnerabilities > Zabbix > Zabbix > 5.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-13 | CVE-2022-23133 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. | 5.4 |
| 2021-03-03 | CVE-2021-27927 | Cross-Site Request Forgery (CSRF) vulnerability in Zabbix In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. | 6.8 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.0 |