  1. ZABBIX BUGS AND ISSUES
  2. ZBX-12768

WASA Findings from NSOC Team

Details

    • Team D
    • Sprint 8, Sprint 9, Sprint 10, Sprint 11, Sprint 12, Sprint 13, Sprint 14, Sprint 15, Sprint 32, Sprint 33, Sprint 34
    • 1

    Description

      Our VA NSOC WASA team has found 2 High findings during a WASA security scan and needs assistance from Zabbix to address the findings.

      1. Web Application is Vulnerable to Stored Cross-Site Scripting (XSS) Attacks

      1. Log in to the Zabbix application
      2. Navigate to Maps > Create Map > Add Icon > Add Link > URL: Name: test URL: javascript:alert('eas')
      3. Update Map
      4. Return to Map
      5. Click created icon
      6. Observe JavaScript POC.
      

      2. Web Application is Vulnerable to Cross-Site Request Forgery (CSRF)

      1. Log on to Application
      2. Navigate to Administration --> Users --> Create Users
      3. Click attached html
      4. Observe new user added
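
The first finding depends on a link URL with the `javascript:` scheme being stored and later rendered as a clickable link. One way to reject such values when the map is saved is a scheme allowlist, shown here as an added example (not Zabbix code and not the fix applied in Zabbix; `ALLOWED_SCHEMES`, `isSafeLinkUrl`, `partitionLinks` and the sample links are assumptions):

```javascript
// Added example: scheme allowlist for user-supplied link URLs.
// All names here are hypothetical; they are not part of the Zabbix code base.
const ALLOWED_SCHEMES = new Set(["http", "https", "ftp", "mailto"]);

function normalizeUrlInput(raw) {
  // Browsers strip leading/trailing C0 control characters and spaces, and drop
  // ASCII tab/newline anywhere in the string, before parsing a URL. Validate
  // the same normalized form the browser will eventually interpret.
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

function extractScheme(url) {
  // RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":".
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(url);
  return m ? m[1].toLowerCase() : null; // schemes are case-insensitive
}

function isSafeLinkUrl(raw) {
  const url = normalizeUrlInput(raw);
  if (url === "") return false;
  const scheme = extractScheme(url);
  // No scheme means a relative reference, which cannot select a script scheme.
  if (scheme === null) return true;
  return ALLOWED_SCHEMES.has(scheme);
}

function partitionLinks(links) {
  // Split link records into those safe to store and those to reject.
  const accepted = [], rejected = [];
  for (const link of links) {
    (isSafeLinkUrl(link.url) ? accepted : rejected).push(link);
  }
  return { accepted, rejected };
}

// Constructed sample input; the second entry is the value from the report.
const sampleLinks = [
  { name: "docs", url: "https://example.com/runbook" },
  { name: "test", url: "javascript:alert('eas')" },
  { name: "local", url: "reports/latest?hostid=1" },
];
const result = partitionLinks(sampleLinks);
console.log("accepted:", result.accepted.map((l) => l.name));
console.log("rejected:", result.rejected.map((l) => l.name));
```

Validation at save time complements, and does not replace, HTML-escaping the stored value when it is written into the `href` attribute.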
      

            People

              gcalenko Gregory Chalenko
              eric.lutjen Eric Lutjen