What is CVE-2022-24349?

CVE-2022-24349 is a medium-severity vulnerability in Zabbix Frontend, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2022-03-09.

How severe is CVE-2022-24349?

Medium severity. CVSS v3 base score is 4.6 out of 10.

XSS in Zabbix Frontend

CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the co…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (75.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L.

Affected products

Zabbix Frontend — versions 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4.10

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

support.zabbix.com/browse/ZBX-20680
FEDORA-2022-5fab125c08 (vendor-advisory)
FEDORA-2022-d714c0d39c (vendor-advisory)
FEDORA-2022-19a9053f17 (vendor-advisory)
[debian-lts-announce] 20220412 [SECURITY] [DLA 2980-1] zabbix security update (mailing-list)
[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update (mailing-list)

Frequently asked questions

What is CVE-2022-24349?: CVE-2022-24349 is a medium-severity vulnerability in Zabbix Frontend, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2022-03-09.
How severe is CVE-2022-24349?: Medium severity. CVSS v3 base score is 4.6 out of 10.