Lucene search

K
ZabbixFrontend

11 matches found

CVE
CVE
added 2022/03/09 8:15 p.m.133 views

CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack ...

4.6CVSS5AI score0.00271EPSS
CVE
CVE
added 2022/03/09 8:15 p.m.115 views

CVE-2022-24919

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the...

4.4CVSS5AI score0.00415EPSS
CVE
CVE
added 2022/03/09 8:15 p.m.101 views

CVE-2022-24917

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all t...

4.4CVSS5AI score0.00415EPSS
CVE
CVE
added 2022/12/12 1:49 a.m.100 views

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disc...

9.8CVSS7AI score0.00121EPSS
CVE
CVE
added 2023/07/13 10:15 a.m.91 views

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.

6.1CVSS5.9AI score0.00724EPSS
CVE
CVE
added 2022/03/09 8:15 p.m.88 views

CVE-2022-24918

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the ...

4.4CVSS5AI score0.00416EPSS
CVE
CVE
added 2023/12/18 10:15 a.m.87 views

CVE-2023-32725

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

9.6CVSS9AI score0.00204EPSS
CVE
CVE
added 2023/07/13 10:15 a.m.80 views

CVE-2023-29454

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every vic...

5.4CVSS5.5AI score0.00471EPSS
CVE
CVE
added 2023/07/13 10:15 a.m.79 views

CVE-2023-29457

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.

6.3CVSS6.3AI score0.00289EPSS
CVE
CVE
added 2023/08/03 10:15 p.m.60 views

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.

6.1CVSS5AI score0.00181EPSS
CVE
CVE
added 2023/07/13 10:15 a.m.43 views

CVE-2023-29456

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.

5.7CVSS7.2AI score0.0007EPSS