Janis Nulle

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An authenticated administrator without super-user privileges can inject a JavaScript payload when creating a maintenance period. This payload is executed when any user opens the tooltip for that specific maintenance period within the Host navigator widget, potentially allowing the attacker to perform unauthorized actions based on the permissions of the user who triggers the tooltip. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions 6.0 through 7.x **Description** The Item history widget and the Plain text widget allow the execution of injected JavaScript when HTML display is enabled. This occurs when malicious JavaScript is sent from a monitored host controlled by an attacker. If a user opens a dashboard containing these widgets, the script executes, potentially allowing the attacker to perform unauthorized actions. The Item history widget replaced the Plain text widget starting with version 7.0. **Recommendations** Disable HTML display in the Item history and Plain text widgets to prevent the execution of injected scripts.

**Name of the Vulnerable Software and Affected Versions** Zabbix Agent 2 (affected versions not specified) **Description** The Docker plugin in Zabbix Agent 2 fails to properly sanitize parameters for the 'docker.container info' function when forwarding them to the Docker daemon. This allows an attacker with the ability to invoke Agent 2 to read arbitrary files from running Docker containers by injecting them through the Docker archive API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An unauthenticated attacker can exploit the 'validate' action in the Frontend to blindly instantiate arbitrary PHP classes. The impact of this issue depends on the environment setup and currently appears limited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions prior to 7.4.6 **Description** A Zabbix user with API access can exploit a blind SQL injection in the `CApiService.php` file. The issue resides in the `sortfield` parameter, allowing an attacker to execute arbitrary SQL selects. While query results are not directly returned, data can be exfiltrated using time-based techniques. This could lead to the disclosure of session identifiers and compromise of administrator accounts. The vulnerable component is located at the API endpoint include/classes/api/`CApiService.php`. The vulnerable parameter is `sortfield`. **Recommendations** Update to Zabbix version 7.4.6 or later.

Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 versions 5.0 and earlier Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize `smart.disk.get` parameters, potentially allowing an attacker to inject unexpected arguments into the `smartctl` command. This can lead to remote code execution. Recommendations: Update Zabbix Agent 2 to a version later than 5.0.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: A flaw exists in the Zabbix API where the `hostprototype.get` method inappropriately lists all host prototypes to users lacking assigned user groups. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.