Skip to main content

Frontend CVE-2023-29455

MEDIUM
Improper Input Validation (CWE-20)
2023-07-13 security@zabbix.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 13, 2023 - 10:15 nvd
MEDIUM 6.1

DescriptionNVD

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.

AnalysisAI

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. Affected products include: Zabbix Frontend.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-43515 CRITICAL POC
9.8 Dec 05

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addre

CVE-2023-32725 HIGH
8.8 Dec 18

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rate

CVE-2025-49643 MEDIUM
6.5 Dec 01

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending sp

CVE-2023-30958 MEDIUM
6.1 Aug 03

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundr

CVE-2023-29457 MEDIUM
6.1 Jul 13

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated m

CVE-2023-29456 MEDIUM
5.4 Jul 13

URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium sev

CVE-2023-29454 MEDIUM
5.4 Jul 13

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web a

CVE-2025-27232 MEDIUM
4.9 Dec 01

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver le

CVE-2022-24919 MEDIUM
4.4 Mar 09

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other u

CVE-2022-24918 MEDIUM
4.4 Mar 09

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other us

CVE-2022-24917 MEDIUM
4.4 Mar 09

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other

CVE-2022-24349 MEDIUM
4.4 Mar 09

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated

Share

CVE-2023-29455 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy