CVE-2023-32721

Name
CVE-2023-32721
Description
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://support.zabbix.com/browse/ZBX-23389
security@zabbix.com https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:* zabbix == None == 7.0.0
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.4.0 <= 6.4.5
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.0.0 <= 6.0.20
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 5.0.0 <= 5.0.36
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 4.0.0 <= 4.0.47

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zabbix edge-community 7.0.0-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix edge-community 7.0.0-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix edge-community 7.0.0-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable