VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026

CVE-2010-2790

CVE-2010-2790

Description

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple XSS vulnerabilities in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script via parameters to the triggers page.

Vulnerability

The formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before version 1.8.3rc1 is vulnerable to multiple cross-site scripting (XSS) attacks. The filter_set, show_details, filter_rst, and txt_select parameters passed to the triggers page (tr_status.php) are not properly sanitized, allowing injection of arbitrary web script or HTML [1][2].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL containing XSS payloads in any of the four parameters and tricking a victim into clicking the link. No authentication is required, and the attack is performed remotely over HTTP. The injected script executes in the context of the victim's browser session with the Zabbix frontend.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, defacement of the Zabbix interface, or theft of sensitive information displayed on the triggers page.

Mitigation

The vulnerability is fixed in Zabbix 1.8.3rc1, released on 2010-08-05 [1]. Users should upgrade to this version or later. No workarounds are documented in the available references.

References
  1. Zabbix 1.8.3rc1 released - ZABBIX Forums
  2. Loading...

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

57
  • Zabbix/Zabbix57 versions
    cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 56 more
    • cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: <=1.8.2
    • cpe:2.3:a:zabbix:zabbix:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta10:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta11:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta12:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta3:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta4:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta5:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta6:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta7:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta8:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.1:beta9:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.6:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3.8:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.5.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.5.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.5.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.5.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
    • (no CPE)range: <1.8.3rc1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.