Frontend — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Frontend, with AI-generated Chinese analysis, references, and POCs.

Vendor: Zabbix

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-64758	@dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message CWE-79	4.8	Medium	2025-11-17
CVE-2022-43515	X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode CWE-20	5.3	Medium	2022-12-12
CVE-2022-39350	@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details CWE-79	5.4	Medium	2022-10-25
CVE-2022-40626	Reflected XSS in the backurl parameter of Zabbix Frontend CWE-79	4.8	Medium	2022-09-14
CVE-2022-35230	Reflected XSS in graphs page of Zabbix Frontend CWE-79	3.7	Low	2022-07-06
CVE-2022-35229	Reflected XSS in discovery page of Zabbix Frontend CWE-79	3.7	Low	2022-07-06
CVE-2022-24919	Reflected XSS in graph configuration window of Zabbix Frontend CWE-79	3.7	Low	2022-03-09
CVE-2022-24918	Reflected XSS in item configuration window of Zabbix Frontend CWE-79	3.7	Low	2022-03-09
CVE-2022-24917	Reflected XSS in service configuration window of Zabbix Frontend CWE-79	3.7	Low	2022-03-09
CVE-2022-24349	Reflected XSS in action configuration window of Zabbix Frontend CWE-79	4.6	Medium	2022-03-09
CVE-2022-23134	Possible view of the setup pages by unauthenticated users if config file already exists CWE-284	3.7	Low	2022-01-13
CVE-2022-23133	Stored XSS in host groups configuration window in Zabbix Frontend CWE-79	6.3	Medium	2022-01-13
CVE-2022-23131	Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML CWE-290	9.1	Critical	2022-01-13

All 13 known CVE vulnerabilities affecting Frontend with full Chinese analysis, references, and POCs where available.