Lucene search
HistorySep 14, 2022 - 11:15 a.m.
CVE-2022-40626
cve-2022-40626
unauthenticated user
reflected javascript code
fake accounts
zabbix frontend
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.5%
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
Affected configurations
Node
zabbixzabbixRange6.0.0–6.0.6
ORzabbixzabbixMatch6.2.0
Node
fedoraprojectfedoraMatch37
Related
ubuntucve
ubuntucve
CVE-2022-40626
2022-09-14 00:00:00
cvelist
cvelist
CVE-2022-40626 Reflected XSS in the backurl parameter of Zabbix Frontend
2022-07-08 00:00:00
osv
osv
CVE-2022-40626
2022-09-14 11:15:53
cve
cve
CVE-2022-40626
2022-09-14 11:15:53
prion
prion
Code injection
2022-09-14 11:15:00
openvas
openvas
Fedora: Security Advisory for zabbix (FEDORA-2022-0d56cb7ee4)
2022-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: zabbix-6.0.8-1.fc37
2022-09-19 00:23:13
debiancve
debiancve
CVE-2022-40626
2022-09-14 11:15:53
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.5%
Related for NVD:CVE-2022-40626