CVSS: 4.3EPSS: 0%CPEs: 67EXPL: 1CVE-2011-2904
https://notcve.org/view.php?id=CVE-2011-2904
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en acknow.php en Zabbix antes de la versión 1.8.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'backurl'. • http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063884.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063904.html http://secunia.com/advisories/45502 http://secunia.com/advisories/45677 http://www.openwall.com/lists/oss-security/2011/08/08/2 http://www.openwall.com/lists/oss-security/2011/08/09/5 http://www.securityfocus.com/bid/49016 http://www.zabbix.com/rn1.8.6.php https://bugzilla.redhat.com/show_bug.cgi?id=729162 ht • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •