CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:3.0.32:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:4.0.22:-:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:4.0.22:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:4.4.10:-:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:4.4.10:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:5.0.2:-:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:5.0.2:rc1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:backports:sle-15:sp2:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-17 03:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-15803

Mitre link : CVE-2020-15803

CVE.ORG link : CVE-2020-15803


JSON object : View

Products Affected

opensuse

  • backports
  • leap

debian

  • debian_linux

fedoraproject

  • fedora

zabbix

  • zabbix
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')