Zabbix.Dashboard.URL.Widget.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Zabbix Server.
The vulnerability is due to insufficient validation of user input submitted to the dashboard widget check endpoint for URL widgets. A remote authenticated attacker can exploit this vulnerability by adding an URL widget to the dashboard. Successful exploitation could result in the execution of script code in the security context of the target user's browser.
Affected Products
Zabbix before 3.0.32rc1
Zabbix 4.x before 4.0.22rc1
Zabbix 4.1.x through 4.4.x before 4.4.10rc1
Zabbix 5.x before 5.0.2rc1
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.zabbix.com/browse/ZBX-18057
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |