Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-13
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
CVSS Score
5.5
EPSS Score
0.018
Published
2023-07-13
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
CVSS Score
8.5
EPSS Score
0.002
Published
2023-07-13
Page 2