Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22981

Possibility to add html code into Geomap attribution field (CVE-2023-29452)

XMLWordPrintable

      Mitre ID CVE-2023-29452
      CVSS score 5.5
      Severity Medium
      Summary Possibility to add html code into Geomap attribution field
      Description Currently, geomap configuration (Administration → General → Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
      Known attack vectors Information that is inserted into this field “Attribution text” is displayed in a small text box on the map. Malicious code can be entered into field and executed when user views map.
      Patch provided  No
      Component/s Frontend
      Affected version/s and fix version/s
      • Affected: 6.0.17, 6.4.2, 7.0.0alpha1
      • Fix: 6.0.18rc1, 6.4.2rc1, 7.0.0alpha1
      Fix compatibility tests -
      Resolution Fixed
      Workarounds None
      Acknowledgements  -

            zabbix.dev Zabbix Development Team
            mmelnikovs Maris Melnikovs (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: