CVE-2026-23928

🗓️ 06 May 2026 07:00:33Reported by ZabbixType

Stored XSS in Item History and Plain Text widgets when HTML is enabled, enabling attacker JavaScript.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2026-23928	6 May 202607:00	–	attackerkb
Circl	CVE-2026-23928	6 May 202610:31	–	circl
CNNVD	Zabbix 跨站脚本漏洞	6 May 202600:00	–	cnnvd
Cvelist	CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget	6 May 202607:00	–	cvelist
Debian CVE	CVE-2026-23928	6 May 202607:00	–	debiancve
EUVD	EUVD-2026-27530	6 May 202607:00	–	euvd
NVD	CVE-2026-23928	6 May 202608:16	–	nvd
OSV	DEBIAN-CVE-2026-23928	6 May 202608:16	–	osv
OSV	UBUNTU-CVE-2026-23928	6 May 202608:16	–	osv
Positive Technologies	PT-2026-37346	6 May 202600:00	–	ptsecurity

[
  {
    "vendor": "Zabbix",
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "modules": [
      "Frontend"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.44",
        "changes": [
          {
            "at": "6.0.45",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.23",
        "changes": [
          {
            "at": "7.0.24",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.7",
        "changes": [
          {
            "at": "7.4.8",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-27760

07 May 2026 14:56Current

5.9Medium risk

Vulners AI Score5.9

CVSS 47.3

EPSS0.00074

SSVC

CWE-79