CVE-2010-2790

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 1.8.3rc1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to the triggers page. The vulnerable parameters include filter set, show details, filter rst, and txt select in the tr status.php page.

Recommendations For Zabbix versions prior to 1.8.3rc1, update to version 1.8.3rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the tr status.php page and limiting the use of the vulnerable parameters filter set, show details, filter rst, and txt select until a patch is applied.