CVE-2023-32722 – Stack-buffer Overflow in library module zbxjson
https://notcve.org/view.php?id=CVE-2023-32722
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. El módulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del búfer al analizar archivos JSON a través de zbx_json_open. • https://support.zabbix.com/browse/ZBX-23390 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-32721 – Stored XSS in Maps element
https://notcve.org/view.php?id=CVE-2023-32721
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. Se ha encontrado Cross-Site Scripting (XSS) almacenado en la aplicación web Zabbix en el elemento Maps si un campo URL está configurado con espacios antes de la URL. • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html https://support.zabbix.com/browse/ZBX-23389 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •