CVE-2010-2790

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php).  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
zabbixzabbix
𝑥
≤ 1.8.2
zabbixzabbix
1.1
zabbixzabbix
1.1:beta10
zabbixzabbix
1.1:beta11
zabbixzabbix
1.1:beta12
zabbixzabbix
1.1:beta2
zabbixzabbix
1.1:beta3
zabbixzabbix
1.1:beta4
zabbixzabbix
1.1:beta5
zabbixzabbix
1.1:beta6
zabbixzabbix
1.1:beta7
zabbixzabbix
1.1:beta8
zabbixzabbix
1.1:beta9
zabbixzabbix
1.1.1
zabbixzabbix
1.1.2
zabbixzabbix
1.1.3
zabbixzabbix
1.1.4
zabbixzabbix
1.1.5
zabbixzabbix
1.1.6
zabbixzabbix
1.1.7
zabbixzabbix
1.3:beta
zabbixzabbix
1.3.1:beta
zabbixzabbix
1.3.2:beta
zabbixzabbix
1.3.3:beta
zabbixzabbix
1.3.4:beta
zabbixzabbix
1.3.5:beta
zabbixzabbix
1.3.6:beta
zabbixzabbix
1.3.7:beta
zabbixzabbix
1.3.8:beta
zabbixzabbix
1.4.2
zabbixzabbix
1.4.3
zabbixzabbix
1.4.4
zabbixzabbix
1.4.5
zabbixzabbix
1.4.6
zabbixzabbix
1.5:beta
zabbixzabbix
1.5.1:beta
zabbixzabbix
1.5.2:beta
zabbixzabbix
1.5.3:beta
zabbixzabbix
1.5.4:beta
zabbixzabbix
1.6
zabbixzabbix
1.6.1
zabbixzabbix
1.6.2
zabbixzabbix
1.6.3
zabbixzabbix
1.6.4
zabbixzabbix
1.6.5
zabbixzabbix
1.6.6
zabbixzabbix
1.6.7
zabbixzabbix
1.6.8
zabbixzabbix
1.6.9
zabbixzabbix
1.7
zabbixzabbix
1.7.1
zabbixzabbix
1.7.2
zabbixzabbix
1.7.3
zabbixzabbix
1.7.4
zabbixzabbix
1.8
zabbixzabbix
1.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bullseye
1:5.0.8+dfsg-1
fixed
lenny
no-dsa
bullseye (security)
1:5.0.44+dfsg-1+deb11u1
fixed
bookworm
1:6.0.14+dfsg-1
fixed
sid
1:7.0.5+dfsg-1
fixed
trixie
1:7.0.5+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/40679
http://www.securityfocus.com/bid/42017
http://www.vupen.com/english/advisories/2010/1908
http://www.zabbix.com/forum/showthread.php?p=68770
https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
https://support.zabbix.com/browse/ZBX-2326
http://secunia.com/advisories/40679
http://www.securityfocus.com/bid/42017
http://www.vupen.com/english/advisories/2010/1908
http://www.zabbix.com/forum/showthread.php?p=68770
https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
https://support.zabbix.com/browse/ZBX-2326