CVE-2011-4615

Zabbix < 1.8.10 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.

References (8)

Scores

EPSS 0.0054
EPSS Percentile 67.5%

Classification

CWE
CWE-79
Status published

Affected Products (50)

zabbix/zabbix < 1.8.10
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
zabbix/zabbix
... and 35 more

Timeline

Published Dec 29, 2011
Tracked Since Feb 18, 2026