Zabbix Frontend
11 CVEs affecting Zabbix Frontend. Latest disclosed: 2022-12-12. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-23131 | Critical | 9.1 | 2022-01-13 | In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login st… |
| CVE-2022-23133 | Medium | 6.3 | 2022-01-13 | An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authe… |
| CVE-2022-43515 | Medium | 5.3 | 2022-12-12 | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any us… |
| CVE-2022-40626 | Medium | 4.8 | 2022-09-14 | An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to crea… |
| CVE-2022-24349 | Medium | 4.6 | 2022-03-09 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same ob… |
| CVE-2022-35230 | Low | 3.7 | 2022-07-06 | An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed on… |
| CVE-2022-35229 | Low | 3.7 | 2022-07-06 | An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed… |
| CVE-2022-24919 | Low | 3.7 | 2022-03-09 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only… |
| CVE-2022-24918 | Low | 3.7 | 2022-03-09 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only w… |
| CVE-2022-24917 | Low | 3.7 | 2022-03-09 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed onl… |
| CVE-2022-23134 | Low | 3.7 | 2022-01-13 | After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious a… |