7 matches found
[SECURITY] [DLA 3909-1] zabbix security update
Debian LTS Advisory DLA-3909-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 03, 2024 https://wiki.debian.org/LTS Package : zabbix Version : 1:5.0.44+dfsg-1+deb11u1 CVE ID : CVE-2022-23132 CVE-2022-23133 CVE-2022-24349 CVE-2022-24917 CVE-2022-24918...
Debian: Security Advisory (DLA-3390-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3390-1] zabbix security update
Debian LTS Advisory DLA-3390-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost April 12, 2023 https://wiki.debian.org/LTS Package : zabbix Version : 1:4.0.4+dfsg-1+deb10u1 CVE ID : CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917...
SUSE: Security Advisory (SUSE-SU-2022:1254-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1254-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2022-24349: Fixed a reflected XSS in the action configuration window bsc1196944. - CVE-2022-24917: Fixed a reflected XSS in the service configuration window bsc1196945. - CVE-2022-24918: Fixed a reflected XSS in the item configuration windo...
CVE-2022-24349
CVE-2022-24349: In Zabbix, an authenticated user can create a hosts group with a stored XSS payload that becomes available to other users. When users search groups (and similar vectors described in the Debian/SUSE advisories), the XSS payload can execute in the victim’s browser, enabling actions ...
CVE-2022-24349 Reflected XSS in action configuration window of Zabbix Frontend
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...