9 matches found
[SECURITY] [DLA 3909-1] zabbix security update
Debian LTS Advisory DLA-3909-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 03, 2024 https://wiki.debian.org/LTS Package : zabbix Version : 1:5.0.44+dfsg-1+deb11u1 CVE ID : CVE-2022-23132 CVE-2022-23133 CVE-2022-24349 CVE-2022-24917 CVE-2022-24918...
Debian: Security Advisory (DLA-3390-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3390-1] zabbix security update
Debian LTS Advisory DLA-3390-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost April 12, 2023 https://wiki.debian.org/LTS Package : zabbix Version : 1:4.0.4+dfsg-1+deb10u1 CVE ID : CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917...
SUSE: Security Advisory (SUSE-SU-2022:1254-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1254-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2022-24349: Fixed a reflected XSS in the action configuration window bsc1196944. - CVE-2022-24917: Fixed a reflected XSS in the service configuration window bsc1196945. - CVE-2022-24918: Fixed a reflected XSS in the item configuration windo...
CVE-2022-24917
creationtimestamp| type| source ---|---|--- 2022-03-09 22:15:18+00:00| seen| https://t.me/cibsecurity/38627...
CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
CVE-2022-24917
The CVE-2022-24917 describes an authenticated-user cross-site scripting issue in Zabbix frontend: an attacker can generate a link containing reflected Javascript on a services page and persuade other users to open it. The payload executes only if the victim’s CSRF token value (which is periodical...
CVE-2022-24917 Reflected XSS in service configuration window of Zabbix Frontend
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...