Skip to main content

Frontend

13 CVEs product

Monthly

CVE-2025-49643 MEDIUM PATCH This Month

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.

PHP Denial Of Service Ubuntu Debian Frontend +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27232 MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian Frontend Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-32725 HIGH This Week

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Server Frontend
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-30958 MEDIUM This Month

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29457 MEDIUM PATCH This Month

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29456 MEDIUM PATCH This Month

URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29455 MEDIUM PATCH This Month

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29454 MEDIUM This Month

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43515 CRITICAL POC Act Now

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Frontend
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24919 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24918 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Fedora
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2022-24917 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24349 MEDIUM PATCH This Month

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.

PHP Denial Of Service Ubuntu +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Server Frontend
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Frontend
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Frontend
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Frontend
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Information Disclosure Frontend
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +2
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +1
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +2
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Frontend +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy