ZABBIX BUGS AND ISSUES / ZBX-22986

Reflected XSS in several fields of graph form (CVE-2023-29455)


      Mitre ID: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455
      CVSS score: 5.4
      Severity: Medium
      Summary: Reflected XSS in several fields of graph form
      Description: Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
      Known attack vectors: Using this vulnerability, an attacker can pass malicious code in a GET request to graph.php; the system will save it and execute it when the current graph page is opened.
      Patch provided: No
      Component/s: Frontend
      Affected version/s and fix version/s:
        - Affected: 4.0.45, 5.0.33
        - Fix: 4.0.46rc1, 5.0.35rc1
      Fix compatibility tests: -
      Resolution: fixed
      Workarounds: None
      Acknowledgements: -

            zabbix.dev Zabbix Development Team
            mmelnikovs Maris Melnikovs
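A log-review check for the vector described under "Known attack vectors", as an added example that is not part of the Zabbix advisory: it scans web-server access logs for GET requests to graph.php whose parameters decode to HTML or script markup. The log lines, the /zabbix/ path prefix and the parameter name example_field are constructed for illustration, and the pattern is a heuristic, not the project's own filter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed access-log lines (common log format); hosts, paths and the
# parameter name "example_field" are made up for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jul/2023:10:00:01 +0000] "GET /zabbix/graph.php?example_field=cpu+load HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jul/2023:10:00:05 +0000] "GET /zabbix/graph.php?example_field=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301
198.51.100.9 - - [01/Jul/2023:10:00:09 +0000] "GET /zabbix/graph.php?example_field=%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 200 5290
198.51.100.3 - - [01/Jul/2023:10:00:12 +0000] "GET /zabbix/other.php?q=%3Cscript%3E HTTP/1.1" 200 812
"""

REQUEST = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')
# Heuristic: tags, inline event handlers and javascript: URLs do not belong in a form field.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_requests(log_text, script="graph.php"):
    """Return (client, parameter, decoded value) for flagged GET requests to `script`."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qsl decodes once; fully_decode peels any further encoding layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((client, name, decoded))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits on an instance still running an affected version are worth correlating with the referring page and the session that followed the link.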