Unrated severityNVD Advisory· Published Jul 6, 2022· Updated Nov 3, 2025

Reflected XSS in graphs page of Zabbix Frontend

CVE-2022-35230

Description

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zabbix/Zabbixllm-fuzzy
osv-coords2 versions
pkg:rpm/suse/zabbix&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/zabbix&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 4.0.12-4.18.1+ 1 more
- (no CPE)range: < 4.0.12-4.18.1
- (no CPE)range: < 4.0.12-4.18.1
Zabbix/Frontendv5
Range: 4.0.0-4.0.42

Patches

Vulnerability mechanics

References

lists.debian.org/debian-lts-announce/2023/04/msg00013.htmlmitremailing-list
support.zabbix.com/browse/ZBX-21305mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000