PT-2020-6949 · Zabbix+4

Rostislav Palivoda · Published 2016-09-16 · Updated 2023-04-12 · CVE-2020-15803

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Zabbix versions 3.0.0 through 3.0.32rc1
Zabbix versions 4.0.0 through 4.0.22rc1
Zabbix versions 4.1.x through 4.4.x before 4.4.10rc1
Zabbix versions 5.x before 5.0.2rc1

Description

Zabbix does not protect the structure of the web page, which allows stored XSS in the URL Widget. A remote attacker could use this to affect data integrity.

Recommendations

For Zabbix versions 3.0.0 through 3.0.32rc1, update to version 3.0.32rc1 or later.
For Zabbix versions 4.0.0 through 4.0.22rc1, update to version 4.0.22rc1 or later.
For Zabbix versions 4.1.x through 4.4.x before 4.4.10rc1, update to version 4.4.10rc1 or later.
For Zabbix versions 5.x before 5.0.2rc1, update to version 5.0.2rc1 or later.

As a temporary workaround, consider disabling the URL Widget until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1977
ALT-PU-2019-1862
ALT-PU-2020-2718
ALT-PU-2020-3398
ALT-PU-2021-2156
BDU:2023-09072
CVE-2020-15803
DLA-2311-1
DLA-2631-1
DLA-3390-1
OPENSUSE-SU-2020:1604-1
OPENSUSE-SU-2020_1604-1
OPENSUSE-SU-2022:0036-1
OPENSUSE-SU-2022_0036-1
OPENSUSE-SU-2022_0058-1
OPENSUSE-SU-2024:11539-1
SUSE-SU-2020:2251-1
SUSE-SU-2020_2251-1
USN-4767-1

Affected Products

Alt Linux
Linuxmint
Suse
Ubuntu
Zabbix