Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected XSS in discovery page of Zabbix Frontend
Vulnerability Description
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Zabbix Frontend 跨站脚本漏洞
Vulnerability Description
Zabbix Frontend是美国Zabbix公司的一个监控软件前端工具。 Zabbix Frontend存在安全漏洞,该漏洞源于经过身份验证的用户可以为发现页面创建一个内含反射Javascript代码的链接并将其发送给其他用户。该有效载荷只有在受害者的CSRF令牌值已知的情况下才能执行,该值会周期性地改变并且很难预测。
CVSS Information
N/A
Vulnerability Type
N/A