Zabbix · Zabbix · CVE-2022-35230
**Name of the Vulnerable Software and Affected Versions**
Zabbix (affected versions not specified)
**Description**
The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with reflected Javascript code for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.