| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-29454 | Persistent XSS in the user form | Zabbix | Zabbix | Medium | 5.4 | 2023-07-13 09:30:28 | Deep Dive |
| CVE-2023-29452 | Remove possibility to add html into Geomap attribution field | Zabbix | Zabbix | Medium | 5.5 | 2023-07-13 09:29:56 | Deep Dive |
| CVE-2023-29451 | Denial of service caused by a bug in the JSON parser | Zabbix | Zabbix | Medium | 4.7 | 2023-07-13 09:29:42 | Deep Dive |
| CVE-2023-29450 | Unauthorized limited filesystem access from preprocessing | Zabbix | Zabbix | High | 8.5 | 2023-07-13 08:25:28 | Deep Dive |
| CVE-2023-29449 | Limited control of resource utilization in JS preprocessing | Zabbix | Zabbix | Medium | 5.9 | 2023-07-13 08:24:01 | Deep Dive |
| CVE-2022-46768 | File name information disclosure vulnerability in Zabbix Web Service Report Generation | Zabbix | Web Service Report Generation | Medium | 5.9 | 2022-12-19 10:00:14 | Deep Dive |
| CVE-2022-43516 | Zabbix Agent installer adds “allow all TCP any any” firewall rule | Zabbix | Zabbix agent (MSI packages) | Medium | 6.5 | 2022-12-12 01:49:10 | Deep Dive |
| CVE-2022-43515 | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode | Zabbix | Frontend | Medium | 5.3 | 2022-12-12 01:49:10 | Deep Dive |
| CVE-2022-40626 | Reflected XSS in the backurl parameter of Zabbix Frontend | Zabbix | Frontend | Medium | 4.8 | 2022-09-14 06:55:09 | Deep Dive |
| CVE-2022-35230 | Reflected XSS in graphs page of Zabbix Frontend | Zabbix | Frontend | Low | 3.7 | 2022-07-06 11:05:14 | Deep Dive |
| CVE-2022-35229 | Reflected XSS in discovery page of Zabbix Frontend | Zabbix | Frontend | Low | 3.7 | 2022-07-06 11:05:12 | Deep Dive |
| CVE-2022-24919 | Reflected XSS in graph configuration window of Zabbix Frontend | Zabbix | Frontend | Low | 3.7 | 2022-03-09 19:30:31 | Deep Dive |
| CVE-2022-24918 | Reflected XSS in item configuration window of Zabbix Frontend | Zabbix | Frontend | Low | 3.7 | 2022-03-09 19:30:30 | Deep Dive |
| CVE-2022-24917 | Reflected XSS in service configuration window of Zabbix Frontend | Zabbix | Frontend | Low | 3.7 | 2022-03-09 19:30:28 | Deep Dive |
| CVE-2022-24349 | Reflected XSS in action configuration window of Zabbix Frontend | Zabbix | Frontend | Medium | 4.6 | 2022-03-09 19:30:27 | Deep Dive |
| CVE-2022-23134 | Possible view of the setup pages by unauthenticated users if config file already exists | Zabbix | Frontend | Low | 3.7 | 2022-01-13 15:50:43 | Deep Dive |
| CVE-2022-23133 | Stored XSS in host groups configuration window in Zabbix Frontend | Zabbix | Frontend | Medium | 6.3 | 2022-01-13 15:50:42 | Deep Dive |
| CVE-2022-23132 | Incorrect permissions of [/var/run/zabbix] forces dac_override | Zabbix | Proxy, Server | Low | 3.3 | 2022-01-13 15:50:40 | Deep Dive |
| CVE-2022-23131 | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Zabbix | Frontend | Critical | 9.1 | 2022-01-13 15:50:39 | Deep Dive |
| CVE-2013-3628 | Zabbix injection vulnerability | Zabbix | Zabbix | High | - | 2020-02-07 14:19:00 | Deep Dive |