The vulnerability of the Universal Monitoring System Interface of Zabbix, which allows attackers to perform cross-site scripting attacks

Zabbix monitoring interface allows cross-site scripting from poor URL input validation in Maps.

Reporter	Title	Published	Views	Family All 60
AlpineLinux	CVE-2023-32721	12 Oct 202307:15	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в zabbix	20 May 202605:53	–	astralinux
CNNVD	Zabbix Cross-Site Scripting Vulnerability	12 Oct 202300:00	–	cnnvd
CVE	CVE-2023-32721	12 Oct 202306:04	–	cve
Cvelist	CVE-2023-32721 Stored XSS in Maps element	12 Oct 202306:04	–	cvelist
Debian	[SECURITY] [DLA 3717-1] zabbix security update	24 Jan 202421:16	–	debian
Debian	[SECURITY] [DLA 3909-1] zabbix security update	3 Oct 202418:05	–	debian
Debian CVE	CVE-2023-32721	12 Oct 202306:04	–	debiancve
Tenable Nessus	Debian dla-3717 : zabbix-agent - security update	24 Jan 202400:00	–	nessus
Tenable Nessus	Debian dla-3909 : zabbix-agent - security update	3 Oct 202400:00	–	nessus

Vulners

Node

zabbix_llc.zabbixRange4.0.0–4.0.47

zabbix_llc.zabbixRange5.0.0–5.0.36

zabbix_llc.zabbixRange6.0.0–6.0.20

zabbix_llc.zabbixRange6.4.0–6.4.5

zabbix_llc.zabbixRange7.0.0alpha1–7.0.0alpha3

Source	Link
support	www.support.zabbix.com/browse/ZBX-23389
vuldb	www.vuldb.com/
altsp	www.altsp.su/obnovleniya-bezopasnosti/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.11/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
abf	www.abf.rosa.ru/advisories/ROSA-SA-2024-2539
web	www.web.nvd.nist.gov/view/vuln/detail

05 Mar 2025 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 27.5

CVSS 37.6

EPSS0.00595