CVE-2022-23133

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The issue is related to the lack of protection of the web page structure in Zabbix, allowing a remote attacker to impact data integrity. An authenticated user can create a hosts group from the configuration with an XSS payload, which will be available for other users. When the XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire, and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.