Vulnerability CVE-2022-35229: Information

Description

An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Published: July 6, 2022
Modified: Aug. 22, 2023
Error type identifier: CWE-79

Fixed packages

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      End excluding
      4.0.0

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      Start including
      5.0.0
      End excluding
      5.0.25

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      Start including
      6.0.0
      End including
      6.0.4

      cpe:2.3:a:zabbix:zabbix:5.0.25:-:*:*:*:*:*:*