Rostislav Palivoda

**Name of the Vulnerable Software and Affected Versions** Zabbix versions 4.0.x through 4.0.28rc1 Zabbix versions 5.0.0alpha1 through 5.0.10rc1 Zabbix versions 5.2.x through 5.2.6rc1 Zabbix versions 5.4.0alpha1 through 5.4.0beta2 **Description** The issue is related to a lack of CSRF protection mechanism in the CControllerAuthenticationUpdate controller, which calls `diableSIDValidation` inside the `init()` method. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The attacker does not need to know the Zabbix user's login credentials but must know the correct Zabbix URL and contact information of an existing user with sufficient privileges. **Recommendations** For Zabbix versions 4.0.x through 4.0.28rc1, update to version 4.0.28rc1 or later. For Zabbix versions 5.0.0alpha1 through 5.0.10rc1, update to version 5.0.10rc1 or later. For Zabbix versions 5.2.x through 5.2.6rc1, update to version 5.2.6rc1 or later. For Zabbix versions 5.4.0alpha1 through 5.4.0beta2, update to version 5.4.0beta2 or later. As a temporary workaround, consider restricting access to the CControllerAuthenticationUpdate controller until a patch is available. Avoid using the `diableSIDValidation` function inside the `init()` method in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zabbix, a universal monitoring system. An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. This could allow a remote attacker to impact the integrity of the data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions 3.0.0 through 3.0.32rc1 Zabbix versions 4.0.0 through 4.0.22rc1 Zabbix versions 4.1.x through 4.4.x before 4.4.10rc1 Zabbix versions 5.x before 5.0.2rc1 **Description** The issue is related to the lack of protection of the web page structure in Zabbix, allowing for stored XSS in the URL Widget. This could enable a remote attacker to impact data integrity. **Recommendations** For Zabbix versions 3.0.0 through 3.0.32rc1, update to version 3.0.32rc1 or later. For Zabbix versions 4.0.0 through 4.0.22rc1, update to version 4.0.22rc1 or later. For Zabbix versions 4.1.x through 4.4.x before 4.4.10rc1, update to version 4.4.10rc1 or later. For Zabbix versions 5.x before 5.0.2rc1, update to version 5.0.2rc1 or later. As a temporary workaround, consider disabling the URL Widget until a patch is available.