CVE-2010-2790

Zabbix <1.8.3rc1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

References (6)

[Vendor Advisory] http://secunia.com/advisories/40679

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2010/1908

[Various Sources] http://www.zabbix.com/forum/showthread.php?p=68770

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/60772

[Vendor Advisory] https://support.zabbix.com/browse/ZBX-2326

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/42017

Scores

EPSS 0.0044

EPSS Percentile 63.0%

Classification

CWE

CWE-79

Status published

Affected Products (50)

zabbix/zabbix

zabbix/zabbix < 1.8.2

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

... and 35 more

Timeline

Published Aug 05, 2010

Tracked Since Feb 18, 2026