PT-2023-9162 · Zabbix+4 · Zabbix+4

Sergejs Maklakovs

Publicado

2023-11-22

Atualizado

2024-11-21

CVE-2024-22119

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The issue is caused by improper validation of the form input field Name on the Graph page in the Items section. This can lead to a cross-site scripting (XSS) attack, allowing a remote attacker to exploit the vulnerability. XSS is a type of attack where an attacker injects malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-79

Identificadores relacionados

ALT-PU-2024-15834

ALT-PU-2024-3075

ALT-PU-2024-3077

ALT-PU-2024-3365

BDU:2024-04280

CVE-2024-22119

DLA-3798-1

DLA-3909-1

OPENSUSE-SU-2024:0064-1

SUSE-SU-2024:0862-1

SUSE-SU-2024_0862-1

Produtos afetados

Alt Linux

Astra Linux

Debian

Suse

Zabbix

PT-2023-9162 · Zabbix+4 · Zabbix+4

CVE-2024-22119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 109