CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.8%
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
[
{
"vendor": "Zabbix",
"product": "Frontend",
"versions": [
{
"version": "4.0.0-4.0.42",
"status": "affected"
},
{
"version": "5.0.0-5.0.24",
"status": "affected"
},
{
"version": "6.0.0-6.0.4",
"status": "affected"
},
{
"version": "6.2alpha1-6.2beta3",
"status": "affected"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.8%