What is the severity of CVE-2010-2790?

CVE-2010-2790 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2010-2790?

To fix CVE-2010-2790, upgrade your Zabbix installation to version 1.8.3rc1 or later.

What versions of Zabbix are affected by CVE-2010-2790?

CVE-2010-2790 affects Zabbix versions 1.1 through 1.8.2, including various beta releases.

What type of attack does CVE-2010-2790 enable?

CVE-2010-2790 enables remote attackers to perform cross-site scripting (XSS) attacks, allowing injection of arbitrary web scripts.

Is there a workaround for CVE-2010-2790 if I cannot upgrade?

While upgrading is the best solution, implementing input validation for the affected parameters may serve as a temporary workaround.

Vulnerability/
CVE-2010-2790

medium

4.3

CWE

5/8/2010

7/11/2023

CVE-2010-2790: XSS

First published: Thu Aug 05 2010(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Zabbix Zabbix	=1.6.1
Zabbix Zabbix	=1.1-beta2
Zabbix Zabbix	=1.1.2
Zabbix Zabbix	=1.7.4
Zabbix Zabbix	=1.5.3-beta
Zabbix Zabbix	=1.1.4
Zabbix Zabbix	=1.1.6
Zabbix Zabbix	=1.4.3
Zabbix Zabbix	=1.6.5
Zabbix Zabbix	=1.4.6
Zabbix Zabbix	=1.6.8
Zabbix Zabbix	=1.1-beta4
Zabbix Zabbix	=1.7.1
Zabbix Zabbix	=1.4.4
Zabbix Zabbix	=1.5.1-beta
Zabbix Zabbix	=1.1
Zabbix Zabbix	=1.3.7-beta
Zabbix Zabbix	=1.7.2
Zabbix Zabbix	=1.8
Zabbix Zabbix	=1.6.3
Zabbix Zabbix	=1.1-beta3
Zabbix Zabbix	=1.3.1-beta
Zabbix Zabbix	=1.3.2-beta
Zabbix Zabbix	=1.6.2
Zabbix Zabbix	=1.7
Zabbix Zabbix	=1.3.5-beta
Zabbix Zabbix	=1.1.7
Zabbix Zabbix	=1.6
Zabbix Zabbix	=1.6.7
Zabbix Zabbix	=1.6.4
Zabbix Zabbix	=1.1-beta9
Zabbix Zabbix	=1.1-beta10
Zabbix Zabbix	=1.3.8-beta
Zabbix Zabbix	=1.7.3
Zabbix Zabbix	=1.1-beta6
Zabbix Zabbix	=1.3.6-beta
Zabbix Zabbix	=1.5.4-beta
Zabbix Zabbix	=1.1.1
Zabbix Zabbix	=1.1-beta8
Zabbix Zabbix	=1.1-beta11
Zabbix Zabbix	=1.1-beta7
Zabbix Zabbix	=1.1.3
Zabbix Zabbix	=1.8.1
Zabbix Zabbix	=1.6.6
Zabbix Zabbix	=1.6.9
Zabbix Zabbix	=1.4.5
Zabbix Zabbix	=1.3.4-beta
Zabbix Zabbix	=1.1-beta5
Zabbix Zabbix	=1.5-beta
Zabbix Zabbix	=1.4.2
Zabbix Zabbix	=1.1-beta12
Zabbix Zabbix	=1.1.5
Zabbix Zabbix	<=1.8.2
Zabbix Zabbix	=1.5.2-beta
Zabbix Zabbix	=1.3.3-beta
Zabbix Zabbix	=1.3-beta

Remedy

http://www.vupen.com/english/advisories/2010/1908

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2790?
CVE-2010-2790 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2010-2790?
To fix CVE-2010-2790, upgrade your Zabbix installation to version 1.8.3rc1 or later.
What versions of Zabbix are affected by CVE-2010-2790?
CVE-2010-2790 affects Zabbix versions 1.1 through 1.8.2, including various beta releases.
What type of attack does CVE-2010-2790 enable?
CVE-2010-2790 enables remote attackers to perform cross-site scripting (XSS) attacks, allowing injection of arbitrary web scripts.
Is there a workaround for CVE-2010-2790 if I cannot upgrade?
While upgrading is the best solution, implementing input validation for the affected parameters may serve as a temporary workaround.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-api
collector/nvd-historical
collector/nvd-index
vendor/zabbix
canonical/zabbix zabbix
version/zabbix zabbix/1.8.2
version/zabbix zabbix/1.1
version/zabbix zabbix/1.1-beta10
version/zabbix zabbix/1.1-beta11
version/zabbix zabbix/1.1-beta12
version/zabbix zabbix/1.1-beta2
version/zabbix zabbix/1.1-beta3
version/zabbix zabbix/1.1-beta4
version/zabbix zabbix/1.1-beta5
version/zabbix zabbix/1.1-beta6
version/zabbix zabbix/1.1-beta7
version/zabbix zabbix/1.1-beta8
version/zabbix zabbix/1.1-beta9
version/zabbix zabbix/1.1.1
version/zabbix zabbix/1.1.2
version/zabbix zabbix/1.1.3
version/zabbix zabbix/1.1.4
version/zabbix zabbix/1.1.5
version/zabbix zabbix/1.1.6
version/zabbix zabbix/1.1.7
version/zabbix zabbix/1.3-beta
version/zabbix zabbix/1.3.1-beta
version/zabbix zabbix/1.3.2-beta
version/zabbix zabbix/1.3.3-beta
version/zabbix zabbix/1.3.4-beta
version/zabbix zabbix/1.3.5-beta
version/zabbix zabbix/1.3.6-beta
version/zabbix zabbix/1.3.7-beta
version/zabbix zabbix/1.3.8-beta
version/zabbix zabbix/1.4.2
version/zabbix zabbix/1.4.3
version/zabbix zabbix/1.4.4
version/zabbix zabbix/1.4.5
version/zabbix zabbix/1.4.6
version/zabbix zabbix/1.5-beta
version/zabbix zabbix/1.5.1-beta
version/zabbix zabbix/1.5.2-beta
version/zabbix zabbix/1.5.3-beta
version/zabbix zabbix/1.5.4-beta
version/zabbix zabbix/1.6
version/zabbix zabbix/1.6.1
version/zabbix zabbix/1.6.2
version/zabbix zabbix/1.6.3
version/zabbix zabbix/1.6.4
version/zabbix zabbix/1.6.5
version/zabbix zabbix/1.6.6
version/zabbix zabbix/1.6.7
version/zabbix zabbix/1.6.8
version/zabbix zabbix/1.6.9
version/zabbix zabbix/1.7
version/zabbix zabbix/1.7.1
version/zabbix zabbix/1.7.2
version/zabbix zabbix/1.7.3
version/zabbix zabbix/1.7.4
version/zabbix zabbix/1.8
version/zabbix zabbix/1.8.1

CVE-2010-2790: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2790?

How do I fix CVE-2010-2790?

What versions of Zabbix are affected by CVE-2010-2790?

What type of attack does CVE-2010-2790 enable?

Is there a workaround for CVE-2010-2790 if I cannot upgrade?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2010-2790?

How do I fix CVE-2010-2790?

What versions of Zabbix are affected by CVE-2010-2790?

What type of attack does CVE-2010-2790 enable?

Is there a workaround for CVE-2010-2790 if I cannot upgrade?