Alixen

**Name of the Vulnerable Software and Affected Versions** Zabbix versions prior to 1.8.3rc1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to the triggers page. The vulnerable parameters include `filter set`, `show details`, `filter rst`, and `txt select` in the `tr status.php` page. **Recommendations** For Zabbix versions prior to 1.8.3rc1, update to version 1.8.3rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `tr status.php` page and limiting the use of the vulnerable parameters `filter set`, `show details`, `filter rst`, and `txt select` until a patch is applied.