CVE-2022-35229

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The issue is related to the lack of protection of the web page structure in Zabbix, a universal monitoring system. An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. This could allow a remote attacker to impact the integrity of the data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2018-2422

ALT-PU-2021-2582

ALT-PU-2021-2668

ALT-PU-2022-1975

ALT-PU-2023-6268

BDU:2023-01711

CVE-2022-35229

DLA-3390-1

DLA-3538-1

DLA-3538-2

DLA-3909-1

ROSA-SA-2024-2539

USN-6751-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Zabbix

CVE-2022-35229

Weakness Enumeration

Related Identifiers

Affected Products

References · 31