Project: ZABBIX BUGS AND ISSUES
Issue: ZBX-22985

Persistent XSS in the user form (CVE-2023-29454)

      Mitre ID: CVE-2023-29454
      CVSS score: 5.4
      Severity: Medium
      Summary: Persistent XSS in the user form
      Description: Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally serves the payload, which executes in the browser of every victim visiting the affected web pages.
      Known attack vectors: The vulnerability was found in the “Send to” form field on the “Media” tab of the “Users” section. When new media is created with malicious code in the “Send to” field, that code executes when the same media is edited.
      Patch provided: No
      Component/s: Frontend
      Affected version/s and fix version/s:
      • Affected: 4.0.45, 5.0.33, 6.0.16
      • Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1
      Fix compatibility tests:
      Resolution: Fixed
      Workarounds: None
      Acknowledgements: -
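
The store-then-render pattern described above, as an added example that is not Zabbix frontend code: a hypothetical media store and edit form show why a “Send to” value saved unchanged must be encoded when it is written back into the form. All names (`saveMedia`, `renderEditFormUnsafe`, `renderEditFormSafe`, `countTags`) and the sample value are assumptions constructed for illustration.

```javascript
// Added example: hypothetical model of a "Send to" field, not Zabbix code.
// Maps each HTML-significant character to its entity.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Stand-in for the server-side store: the value is saved exactly as submitted.
const mediaStore = new Map();
function saveMedia(id, sendto) {
  mediaStore.set(id, { sendto });
}

// Vulnerable pattern: the stored value is interpolated into markup unchanged.
function renderEditFormUnsafe(id) {
  const { sendto } = mediaStore.get(id);
  return `<input type="text" name="sendto" value="${sendto}">`;
}

// Hardened pattern: encode at output time for the HTML attribute context.
function renderEditFormSafe(id) {
  const { sendto } = mediaStore.get(id);
  return `<input type="text" name="sendto" value="${escapeHtml(sendto)}">`;
}

// Counts tag openings in rendered markup; a correct form has exactly one (<input>).
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample input: closes the attribute and tag, then adds an inert element.
const SAMPLE = 'ops@example.com"><b data-injected="1">';
saveMedia(1, SAMPLE);

function demo() {
  return {
    unsafeTags: countTags(renderEditFormUnsafe(1)), // 2: the stored value became markup
    safeTags: countTags(renderEditFormSafe(1)),     // 1: the value stayed inside the attribute
  };
}
console.log(demo());
```

The stored record is identical in both cases; only the rendering step differs, which is why the fix belongs at output time rather than only at input validation.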

            zabbix.dev Zabbix Development Team
            mmelnikovs Maris Melnikovs