Page 3 of 23 results (0.006 seconds)

CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. Se ha encontrado Cross-Site Scripting (XSS) almacenado en la aplicación web Zabbix en el elemento Maps si un campo URL está configurado con espacios antes de la URL. • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html https://support.zabbix.com/browse/ZBX-23389 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. • https://support.zabbix.com/browse/ZBX-22989 • CWE-129: Improper Validation of Array Index •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. • https://support.zabbix.com/browse/ZBX-22981 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. • https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html https://support.zabbix.com/browse/ZBX-22587 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. • https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html https://support.zabbix.com/browse/ZBX-22588 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •