Zabbix 2.2.8 users can setup a URL as their main redirection point when logged in. This URL can be setup to something else than the zabbix front-end website, allowing them to redirect outside.

Moreover, under the trigger alerts menu, a redirect URL is also transmitted over GET and is not fully sanitized, allowing an attacker to perform URL redirection on targeted victims.