6 matches found
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2014-2329
Multiple cross-site scripting XSS vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the 1 agent string for a checkmk agent, a 2 crafted request to a monitored host, which is not properly handled by the...
CVE-2014-2329
Multiple cross-site scripting XSS vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the 1 agent string for a checkmk agent, a 2 crafted request to a monitored host, which is not properly handled by the...
CVE-2014-2329
Check_MK is affected in versions before 1.2.2p3 and 1.2.3x before 1.2.3i5 by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user input. An authenticated remote attacker can inject arbitrary script via the (1) agent string for a check_mk agent, (2) a crafted requ...