11 matches found
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
DEBIAN-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
UBUNTU-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
EUVD-2026-27530
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
CVE-2026-23928 describes a stored XSS in Zabbix widgets: the Item history widget (7.0+) or the Plain text widget (6.0) can execute injected JavaScript when HTML display is enabled. The attacker must supply the malicious script from a monitored host, and the impact varies by user viewing a dashboa...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
PT-2026-37346
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
Zabbix 跨站脚本漏洞
Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has a cross-site scripting vulnerability. This vulnerability arises from the Item history widget or Plain tex...