An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
References
Link | Resource |
---|---|
https://support.zabbix.com/browse/ZBX-21305 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-07-06 04:15
Updated : 2022-07-14 14:53
NVD link : CVE-2022-35230
Mitre link : CVE-2022-35230
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
zabbix
- zabbix