Zabbix Security Vulnerabilities and Issues — Zabbix CVE List

Lucene search

ZabbixZabbix

6 matches found

CVE•added 2020/07/17 3:15 a.m.•224 views

CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

6.1CVSS5.9AI score0.02092EPSS

CVE•added 2022/01/13 4:15 p.m.•175 views

CVE-2022-23133

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can stea...

6.3CVSS5.6AI score0.00553EPSS

CVE•added 2022/09/14 11:15 a.m.•86 views

CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

6.1CVSS5.7AI score0.01162EPSS

CVE•added 2019/02/17 4:29 p.m.•64 views

CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

6.1CVSS6.6AI score0.00421EPSS

CVE•added 2024/08/12 1:38 p.m.•52 views

CVE-2024-22121

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

6.1CVSS6.3AI score0.00033EPSS

CVE•added 2009/12/31 6:30 p.m.•47 views

CVE-2009-4498

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.

6.8CVSS7.3AI score0.71776EPSS