4.3

CVE-2011-4615

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZabbixZabbix Updaterc2 Version <= 1.8.10
ZabbixZabbix Version1.1
ZabbixZabbix Version1.1 Updatebeta10
ZabbixZabbix Version1.1 Updatebeta11
ZabbixZabbix Version1.1 Updatebeta12
ZabbixZabbix Version1.1 Updatebeta2
ZabbixZabbix Version1.1 Updatebeta3
ZabbixZabbix Version1.1 Updatebeta4
ZabbixZabbix Version1.1 Updatebeta5
ZabbixZabbix Version1.1 Updatebeta6
ZabbixZabbix Version1.1 Updatebeta7
ZabbixZabbix Version1.1 Updatebeta8
ZabbixZabbix Version1.1 Updatebeta9
ZabbixZabbix Version1.1.1
ZabbixZabbix Version1.1.2
ZabbixZabbix Version1.1.3
ZabbixZabbix Version1.1.4
ZabbixZabbix Version1.1.5
ZabbixZabbix Version1.1.6
ZabbixZabbix Version1.1.7
ZabbixZabbix Version1.3 Updatebeta
ZabbixZabbix Version1.3.1 Updatebeta
ZabbixZabbix Version1.3.2 Updatebeta
ZabbixZabbix Version1.3.3 Updatebeta
ZabbixZabbix Version1.3.4 Updatebeta
ZabbixZabbix Version1.3.5 Updatebeta
ZabbixZabbix Version1.3.6 Updatebeta
ZabbixZabbix Version1.3.7 Updatebeta
ZabbixZabbix Version1.3.8 Updatebeta
ZabbixZabbix Version1.4
ZabbixZabbix Version1.4.1
ZabbixZabbix Version1.4.2
ZabbixZabbix Version1.4.3
ZabbixZabbix Version1.4.4
ZabbixZabbix Version1.4.5
ZabbixZabbix Version1.4.6
ZabbixZabbix Version1.5 Updatebeta
ZabbixZabbix Version1.5.1 Updatebeta
ZabbixZabbix Version1.5.2 Updatebeta
ZabbixZabbix Version1.5.3 Updatebeta
ZabbixZabbix Version1.5.4 Updatebeta
ZabbixZabbix Version1.6
ZabbixZabbix Version1.6.1
ZabbixZabbix Version1.6.2
ZabbixZabbix Version1.6.3
ZabbixZabbix Version1.6.4
ZabbixZabbix Version1.6.5
ZabbixZabbix Version1.6.6
ZabbixZabbix Version1.6.7
ZabbixZabbix Version1.6.8
ZabbixZabbix Version1.6.9
ZabbixZabbix Version1.7
ZabbixZabbix Version1.7.1
ZabbixZabbix Version1.7.2
ZabbixZabbix Version1.7.3
ZabbixZabbix Version1.7.4
ZabbixZabbix Version1.8
ZabbixZabbix Version1.8.1
ZabbixZabbix Version1.8.2
ZabbixZabbix Version1.8.3
ZabbixZabbix Version1.8.3 Updaterc1
ZabbixZabbix Version1.8.3 Updaterc2
ZabbixZabbix Version1.8.3 Updaterc3
ZabbixZabbix Version1.8.3 Updaterc4
ZabbixZabbix Version1.8.4
ZabbixZabbix Version1.8.4 Updaterc1
ZabbixZabbix Version1.8.4 Updaterc2
ZabbixZabbix Version1.8.4 Updaterc3
ZabbixZabbix Version1.8.4 Updaterc4
ZabbixZabbix Version1.8.5
ZabbixZabbix Version1.8.5 Updaterc1
ZabbixZabbix Version1.8.6
ZabbixZabbix Version1.8.6 Updaterc1
ZabbixZabbix Version1.8.6 Updaterc2
ZabbixZabbix Version1.8.7
ZabbixZabbix Version1.8.7 Updaterc1
ZabbixZabbix Version1.8.8
ZabbixZabbix Version1.8.8 Updaterc1
ZabbixZabbix Version1.8.8 Updaterc2
ZabbixZabbix Version1.8.8 Updaterc3
ZabbixZabbix Version1.8.9
ZabbixZabbix Version1.8.9 Updaterc1
ZabbixZabbix Version1.8.9 Updaterc2
ZabbixZabbix Version1.8.10 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.651
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.