  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22988

Insufficient validation of Action form input fields (CVE-2023-29457)


      Mitre ID: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29457
      CVSS score: 6.3
      Severity: Medium
      Summary: Insufficient validation of Action form input fields
      Description: Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as a request to a website with a vulnerability that enables execution of malicious scripts.
      Known attack vectors: Using reflected XSS, session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their private accounts.
      Patch provided: No
      Component/s: Frontend
      Affected version/s and fix version/s:
        Affected: 4.0.45, 5.0.34, 6.0.17
        Fix: 4.0.46rc1, 5.0.35rc1, 6.0.18rc1
      Fix compatibility tests: -
      Resolution: Fixed
      Workarounds: -
      Acknowledgements: -

            zabbix.dev Zabbix Development Team
            mmelnikovs Maris Melnikovs