CVE-2022-24349

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with a reflected XSS payload for actions' pages and send it to other users. The malicious code can access all the same objects as the rest of the web page and make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and requires an attacker to have authorized access to the Zabbix Frontend, allowed network connection between a malicious server and the victim's computer, understand the attacked infrastructure, be recognized by the victim as a trustee, and use a trusted communication channel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.