Unrated severityNVD Advisory· Published Jul 6, 2022· Updated Nov 3, 2025
Reflected XSS in discovery page of Zabbix Frontend
CVE-2022-35229
Description
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zabbix/Frontendv5Range: 4.0.0-4.0.42
Patches
Vulnerability mechanics
References
3- lists.debian.org/debian-lts-announce/2023/04/msg00013.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/08/msg00027.htmlmitremailing-list
- support.zabbix.com/browse/ZBX-21306mitre
News mentions
0No linked articles in our index yet.