Unvalidated Name Field on Graph Page Leads to Injection in Items Section
CVE-2024-22119 Published on February 9, 2024
Stored XSS in graph items select form
The cause of vulnerability is improper validation of form input field Name on Graph page in Items section.
Vulnerability Analysis
CVE-2024-22119 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2024-22119. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2024-22119
Want to know whenever a new CVE is published for Zabbix? stack.watch will email you.
Affected Versions
Zabbix:- Version 5.0.0, <= 5.0.39 is affected.
- Version 6.0.0, <= 6.0.23 is affected.
- Version 6.4.0, <= 6.4.8 is affected.
- Version 7.0.0alpha1, <= 7.0.0alpha7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.