CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Duktape is a 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack, JavaScript will crash. This issue occurs due to a bug in Duktape 2.6, which is a 3rd-party solution that we use.
• https://support.zabbix.com/browse/ZBX-22989
• CWE-129: Improper Validation of Array Index

CVSS: 5.7 | EPSS: 0% | CPEs: 4 | EXPL: 0

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.
• https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
• https://support.zabbix.com/browse/ZBX-22987
• CWE-20: Improper Input Validation
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
• https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
• https://support.zabbix.com/browse/ZBX-22986
• CWE-20: Improper Input Validation
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
• https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
• https://support.zabbix.com/browse/ZBX-22985
• CWE-20: Improper Input Validation
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when the “Other” tile provider is selected.
• https://support.zabbix.com/browse/ZBX-22981
• CWE-20: Improper Input Validation
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')