Unrated severity · NVD Advisory · Published Sep 14, 2022 · Updated Sep 16, 2024
Reflected XSS in the backurl parameter of Zabbix Frontend
CVE-2022-40626
Description
An unauthenticated user can craft a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with a predefined login, password and role in Zabbix Frontend.
Affected products
- Zabbix/Frontend v5 Range: 6.0.0-6.0.6
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/ (mitre, vendor-advisory, x_refsource_FEDORA)
- support.zabbix.com/browse/ZBX-21350 (mitre, x_refsource_MISC)