Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zabbix frontend vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious c...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.4
CVSSv3
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed ...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5.3
CVSSv3
CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Zabbix Zabbix 6.0.0
Zabbix Zabbix
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and g...
Zabbix Zabbix
Zabbix Zabbix 6.0.0
23 Github repositories
9.8
CVSSv3
CVE-2016-10134
SQL injection vulnerability in Zabbix prior to 2.2.14 and 3.0 prior to 3.0.4 allows remote malicious users to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Zabbix Zabbix 3.0.2
Zabbix Zabbix 3.0.1
Zabbix Zabbix 3.0.0
Zabbix Zabbix
Zabbix Zabbix 3.0.3
NA
CVE-2014-9450
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix prior to 1.8.22, 2.0.x prior to 2.0.14, and 2.2.x prior to 2.2.8 allow remote malicious users to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.2.7
Zabbix Zabbix 2.0.4
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.0.12
Zabbix Zabbix 2.2.3
Zabbix Zabbix 2.2.2
Zabbix Zabbix 2.0.6
Zabbix Zabbix 2.0.3
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.2.6
Zabbix Zabbix 2.0.10
Zabbix Zabbix 2.0.11
Zabbix Zabbix 2.2.4
Zabbix Zabbix 2.2.1
Zabbix Zabbix
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.2.5
Zabbix Zabbix 2.0.8
Zabbix Zabbix 2.0.13
Zabbix Zabbix 2.0.7
NA
CVE-2014-1685
The Frontend in Zabbix prior to 1.8.20rc2, 2.0.x prior to 2.0.11rc2, and 2.2.x prior to 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.0.0
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.0.4
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.0.6
Zabbix Zabbix 2.0.3
Zabbix Zabbix 1.8.16
Zabbix Zabbix 2.2.1
Zabbix Zabbix 1.8.3
Zabbix Zabbix 2.0.10
Zabbix Zabbix 1.8.18
Zabbix Zabbix 1.8
Zabbix Zabbix 2.0.2
Zabbix Zabbix 1.8.15
Zabbix Zabbix 1.8.2
Zabbix Zabbix 2.0.8
Fedoraproject Fedora 20
Zabbix Zabbix 1.8.1
Zabbix Zabbix 2.0.7
Fedoraproject Fedora 19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2