What is CVE-2022-23133?

CVE-2022-23133 is a medium-severity vulnerability in Zabbix Frontend, classified under Cross-site Scripting. CVSS score: 6.3/10. Published 2022-01-13.

How severe is CVE-2022-23133?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2022-23133 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Zabbix Frontend

CVE-2022-23133

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new hos…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.010 (76.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Zabbix Frontend — versions 5.0.0 – 5.0.18, 5.4.0 – 5.4.8, 5.0.19

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

support.zabbix.com/browse/ZBX-20388 (x_refsource_MISC)
FEDORA-2022-dfe346f53f (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-1a667b0f90 (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2022-23133?: CVE-2022-23133 is a medium-severity vulnerability in Zabbix Frontend, classified under Cross-site Scripting. CVSS score: 6.3/10. Published 2022-01-13.
How severe is CVE-2022-23133?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2022-23133 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.