Frontend
CVE-2023-29455
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
AnalysisAI
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. Affected products include: Zabbix Frontend.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addre
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rate
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending sp
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundr
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated m
URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium sev
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web a
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver le
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other u
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other us
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today