CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:6.2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

History

07 Nov 2023, 03:52

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/', 'name': 'FEDORA-2022-0d56cb7ee4', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/ -

30 Sep 2022, 19:15

Type Values Removed Values Added
First Time Fedoraproject
Fedoraproject fedora
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

19 Sep 2022, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/ -

16 Sep 2022, 03:15

Type Values Removed Values Added
References (MISC) https://support.zabbix.com/browse/ZBX-21350 - (MISC) https://support.zabbix.com/browse/ZBX-21350 - Issue Tracking, Patch, Vendor Advisory
First Time Zabbix zabbix
Zabbix
CPE cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:6.2.0:*:*:*:*:*:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

14 Sep 2022, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-14 11:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-40626

Mitre link : CVE-2022-40626

CVE.ORG link : CVE-2022-40626


JSON object : View

Products Affected

zabbix

  • zabbix

fedoraproject

  • fedora
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')