Vulnerability Details CVE-2022-40626
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 4.8
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/
- https://support.zabbix.com/browse/ZBX-21350
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPU4RCRYVNVM3SS523UQXE63ATCTEX5G/
- https://support.zabbix.com/browse/ZBX-21350
Products affected by CVE-2022-40626
-
cpe:2.3:a:zabbix:zabbix:6.0.0
-
cpe:2.3:a:zabbix:zabbix:6.0.1
-
cpe:2.3:a:zabbix:zabbix:6.0.2
-
cpe:2.3:a:zabbix:zabbix:6.0.3
-
cpe:2.3:a:zabbix:zabbix:6.0.4
-
cpe:2.3:a:zabbix:zabbix:6.0.5
-
cpe:2.3:a:zabbix:zabbix:6.0.6
-
cpe:2.3:a:zabbix:zabbix:6.2.0
-
cpe:2.3:o:fedoraproject:fedora:37