Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18057

Stored Cross Site Scripting attack on URL widget (CVE-2020-15803)

    XMLWordPrintable

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 66 (Jul 2020)
    • Story Points:
      1

      Description

       

      1. Add in to zabbix defines configuration to use iFrame sandbox parameter
        1. On by default
        2. Update documentation on https://www.zabbix.com/documentation/current/manual/installation/requirements/best_practices
      2. Add sandbox parameter to URL widget iframe

      As a separate change will be refactoring of definex.inc to allow user override defines without reset the values on update. 

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              talbergs Mārtiņš Tālbergs (Inactive)
              Reporter:
              palivoda Rostislav Palivoda
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: