漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Reflected XSS in action configuration window of Zabbix Frontend
Vulnerability Description
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Zabbix Frontend 跨站脚本漏洞
Vulnerability Description
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。 Zabbix Frontend 存在安全漏洞,经过身份验证的攻击者可以创建带有反射跨站脚本攻击载荷的链接以执行操作页面,并将其发送给其他用户。恶意代码可以访问与网页其余部分相同的所有对象,并且可以对显示给受害者的页面内容进行任意修改。
CVSS Information
N/A
Vulnerability Type
N/A