CVE-2011-4615

EUVD-2011-4539
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
zabbixzabbix
𝑥
≤ 1.8.10
zabbixzabbix
1.1
zabbixzabbix
1.1:beta10
zabbixzabbix
1.1:beta11
zabbixzabbix
1.1:beta12
zabbixzabbix
1.1:beta2
zabbixzabbix
1.1:beta3
zabbixzabbix
1.1:beta4
zabbixzabbix
1.1:beta5
zabbixzabbix
1.1:beta6
zabbixzabbix
1.1:beta7
zabbixzabbix
1.1:beta8
zabbixzabbix
1.1:beta9
zabbixzabbix
1.1.1
zabbixzabbix
1.1.2
zabbixzabbix
1.1.3
zabbixzabbix
1.1.4
zabbixzabbix
1.1.5
zabbixzabbix
1.1.6
zabbixzabbix
1.1.7
zabbixzabbix
1.3:beta
zabbixzabbix
1.3.1:beta
zabbixzabbix
1.3.2:beta
zabbixzabbix
1.3.3:beta
zabbixzabbix
1.3.4:beta
zabbixzabbix
1.3.5:beta
zabbixzabbix
1.3.6:beta
zabbixzabbix
1.3.7:beta
zabbixzabbix
1.3.8:beta
zabbixzabbix
1.4
zabbixzabbix
1.4.1
zabbixzabbix
1.4.2
zabbixzabbix
1.4.3
zabbixzabbix
1.4.4
zabbixzabbix
1.4.5
zabbixzabbix
1.4.6
zabbixzabbix
1.5:beta
zabbixzabbix
1.5.1:beta
zabbixzabbix
1.5.2:beta
zabbixzabbix
1.5.3:beta
zabbixzabbix
1.5.4:beta
zabbixzabbix
1.6
zabbixzabbix
1.6.1
zabbixzabbix
1.6.2
zabbixzabbix
1.6.3
zabbixzabbix
1.6.4
zabbixzabbix
1.6.5
zabbixzabbix
1.6.6
zabbixzabbix
1.6.7
zabbixzabbix
1.6.8
zabbixzabbix
1.6.9
zabbixzabbix
1.7
zabbixzabbix
1.7.1
zabbixzabbix
1.7.2
zabbixzabbix
1.7.3
zabbixzabbix
1.7.4
zabbixzabbix
1.8
zabbixzabbix
1.8.1
zabbixzabbix
1.8.2
zabbixzabbix
1.8.3
zabbixzabbix
1.8.3:rc1
zabbixzabbix
1.8.3:rc2
zabbixzabbix
1.8.3:rc3
zabbixzabbix
1.8.3:rc4
zabbixzabbix
1.8.4
zabbixzabbix
1.8.4:rc1
zabbixzabbix
1.8.4:rc2
zabbixzabbix
1.8.4:rc3
zabbixzabbix
1.8.4:rc4
zabbixzabbix
1.8.5
zabbixzabbix
1.8.5:rc1
zabbixzabbix
1.8.6
zabbixzabbix
1.8.6:rc1
zabbixzabbix
1.8.6:rc2
zabbixzabbix
1.8.7
zabbixzabbix
1.8.7:rc1
zabbixzabbix
1.8.8
zabbixzabbix
1.8.8:rc1
zabbixzabbix
1.8.8:rc2
zabbixzabbix
1.8.8:rc3
zabbixzabbix
1.8.9
zabbixzabbix
1.8.9:rc1
zabbixzabbix
1.8.9:rc2
zabbixzabbix
1.8.10:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bookworm
1:6.0.14+dfsg-1
fixed
bullseye
1:5.0.8+dfsg-1
fixed
bullseye (security)
1:5.0.44+dfsg-1+deb11u1
fixed
sid
1:7.0.5+dfsg-1
fixed
squeeze
no-dsa
trixie
1:7.0.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html
http://osvdb.org/77771
http://secunia.com/advisories/47216
http://www.securityfocus.com/bid/51093
http://www.zabbix.com/rn1.8.10.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/71855
https://support.zabbix.com/browse/ZBX-4015
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html
http://osvdb.org/77771
http://secunia.com/advisories/47216
http://www.securityfocus.com/bid/51093
http://www.zabbix.com/rn1.8.10.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/71855
https://support.zabbix.com/browse/ZBX-4015