Lucene search
K

Zabbix 6.0.x < 6.0.45 / 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27760)

🗓️ 15 May 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 13 Views

Zabbix servers older than 6.0.45, 7.0.24, or 7.4.8 have stored cross site scripting via widgets when HTML is on.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-23928
6 May 202607:00
attackerkb
BDU FSTEC
The vulnerability of the user interface of the universal monitoring system Zabbix allows a intruder to execute arbitrary JavaScript code.
8 May 202600:00
bdu_fstec
Circl
CVE-2026-23928
6 May 202610:31
circl
CNNVD
Zabbix 跨站脚本漏洞
6 May 202600:00
cnnvd
CVE
CVE-2026-23928
6 May 202607:00
cve
Cvelist
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
6 May 202607:00
cvelist
Debian CVE
CVE-2026-23928
6 May 202607:00
debiancve
EUVD
EUVD-2026-27530
6 May 202607:00
euvd
NVD
CVE-2026-23928
6 May 202608:16
nvd
OSV
DEBIAN-CVE-2026-23928
6 May 202608:16
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(314956);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/18");

  script_cve_id("CVE-2026-23928");
  script_xref(name:"IAVA", value:"2026-A-0438");

  script_name(english:"Zabbix 6.0.x < 6.0.45 / 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27760)");

  script_set_attribute(attribute:"synopsis", value:
"A monitoring application installed on the remote host is affected by a cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Zabbix Server installed on the remote host is prior to 6.0.45, 7.0.24, 7.4.8. It is, therefore,
affected by a stored cross-site scripting (XSS) vulnerability. The Item history widget (in Zabbix 7.0+) or the Plain
text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker
to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious
JavaScript would have to come from a monitored host controlled by the attacker.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-27760");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Zabbix version 6.0.45, 7.0.24, 7.4.8 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-23928");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zabbix:zabbix_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zabbix_server_nix_installed.nbin");
  script_require_keys("installed_sw/Zabbix Server");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [{'scope': 'target', 'match': {'os': 'linux'}}],
  'checks': [
    {
      'product': {'name': 'Zabbix Server', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'min_version':'6.0.0', 'fixed_version':'6.0.45'},
        {'min_version':'7.0.0', 'fixed_version':'7.0.24'},
        {'min_version':'7.4.0', 'fixed_version':'7.4.8'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING, flags:{"xss":TRUE});
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 May 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 47.3
EPSS0.00285
SSVC
13