Defect (Security)
Resolution: Fixed
Major
Mitre ID | CVE-2023-32721 |
CVSS score | 7.6 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N |
Severity | High |
Summary | Stored XSS in Maps element |
Description | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field. |
Known attack vectors | The impact of a successful XSS exploitation varies. In a worst-case scenario, an attacker can execute JavaScript code within the victim's browser. This opens the door to many scenarios, of which the most common are session hijacking, user impersonation or client-side attacks. |
Patch provided | No |
Component/s | API, Frontend |
Affected version/s and fix version/s | 4.0.0 - 4.0.47 / 4.0.48rc1; 5.0.0 - 5.0.36 / 5.0.37rc1; 6.0.0 - 6.0.20 / 6.0.21rc1; 6.4.0 - 6.4.5 / 6.4.6rc1; 7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4 |
Fix compatibility tests | - |
Resolution | Fixed |
Workarounds | - |
Acknowledgements | This vulnerability was reported on the HackerOne platform by prasetia |