CVE-2011-5027
Description
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) vulnerability in ZABBIX profiler before 1.8.10 allows remote attackers to inject arbitrary web script or HTML.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the profiler component of ZABBIX versions prior to 1.8.10. The issue is present in version 1.8.5 and possibly others, and is triggered via unspecified vectors related to the profiler [1]. The vulnerability allows injection of arbitrary web script or HTML.
Exploitation
An attacker can exploit this vulnerability by sending a crafted request to the profiler component. No authentication is required, as the profiler is accessible to remote users. The exact attack vector is not publicly detailed, but the bug is classified as a security defect with blocker priority [1].
Impact
Successful exploitation enables an attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to information disclosure, session hijacking, or defacement of the ZABBIX interface.
Mitigation
The vulnerability is fixed in ZABBIX version 1.8.10 [1]. Users should upgrade to this version or later. No workarounds are documented in the available references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
85cpe:2.3:a:zabbix:zabbix:1.1:*:*:*:*:*:*:*+ 84 more
- cpe:2.3:a:zabbix:zabbix:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta10:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta11:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta12:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta4:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta5:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta6:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta7:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta8:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1:beta9:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.1:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.2:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.3:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.4:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.5:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.6:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.7:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3.8:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.3:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.5.1:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.5.2:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.5.3:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.5.4:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.5:beta:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc4:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.4:rc4:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.8:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.8:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.9:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:*:rc2:*:*:*:*:*:*range: <=1.8.10
- (no CPE)range: < 1.8.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/47216nvdVendor Advisory
- support.zabbix.com/browse/ZBX-4015nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.htmlnvd
- osvdb.org/77772nvd
- www.securityfocus.com/bid/51093nvd
- www.zabbix.com/rn1.8.10.phpnvd
News mentions
0No linked articles in our index yet.