CVE-2011-4615Cross-site Scripting in Zabbix

CWE-79Cross-site Scripting7 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZabbixDebian Zabbix
Timeline
PublishedDec 29
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/zabbix< zabbix 1:1.8.10-1 (bookworm)
Debianzabbix/zabbix< 1:1.8.10-1+3
NVDzabbix/zabbix1.8.10+55

🔴Vulnerability Details

2
GHSA
GHSA-f832-gjrw-m8w5: Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 12022-05-17
OSV
CVE-2011-4615: Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 12011-12-29

📋Vendor Advisories

1
Debian
CVE-2011-4615: zabbix - Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allo...2011

💬Community

3
Bugzilla
CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x2011-12-16
Bugzilla
CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x [fedora-all]2011-12-16
Bugzilla
CVE-2011-4615 zabbix: persistent XSS flaws in 1.8.x [epel-6]2011-12-16