Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18057

Stored Cross Site Scripting attack on URL widget (CVE-2020-15803)

    XMLWordPrintable

Details

    • Team B
    • Sprint 66 (Jul 2020)
    • 1

    Description

       

      1. Add in to zabbix defines configuration to use iFrame sandbox parameter
        1. On by default
        2. Update documentation on https://www.zabbix.com/documentation/current/manual/installation/requirements/best_practices
      2. Add sandbox parameter to URL widget iframe

      As a separate change will be refactoring of definex.inc to allow user override defines without reset the values on update. 

      Attachments

        Issue Links

          Activity

            People

              talbergs Mārtiņš Tālbergs (Inactive)
              palivoda Rostislav Palivoda
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: