First published: Mon Aug 08 2011
A vulnerability was reported [1], [2] in Zabbix where input passed to the "backurl" parameter in acknow.php is improperly sanitized before being returned to the user. This could be used to facilitate a cross-site scripting attack. This flaw is fixed in Zabbix 1.8.6 [3].

[1] http://secunia.com/advisories/45502
[2] https://support.zabbix.com/browse/ZBX-3835
[3] http://www.zabbix.com/rn1.8.6.php

Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zabbix Zabbix | =1.6.1 | |
Zabbix Zabbix | =1.1-beta2 | |
Zabbix Zabbix | =1.1.2 | |
Zabbix Zabbix | =1.8.4-rc3 | |
Zabbix Zabbix | =1.7.4 | |
Zabbix Zabbix | =1.5.3-beta | |
Zabbix Zabbix | =1.1.4 | |
Zabbix Zabbix | =1.1.6 | |
Zabbix Zabbix | =1.8.3-rc1 | |
Zabbix Zabbix | =1.4.3 | |
Zabbix Zabbix | =1.8.4-rc1 | |
Zabbix Zabbix | =1.6.5 | |
Zabbix Zabbix | =1.4.6 | |
Zabbix Zabbix | =1.6.8 | |
Zabbix Zabbix | =1.1-beta4 | |
Zabbix Zabbix | =1.7.1 | |
Zabbix Zabbix | =1.4.4 | |
Zabbix Zabbix | =1.5.1-beta | |
Zabbix Zabbix | =1.1 | |
Zabbix Zabbix | =1.3.7-beta | |
Zabbix Zabbix | =1.8.4-rc4 | |
Zabbix Zabbix | =1.7.2 | |
Zabbix Zabbix | =1.8 | |
Zabbix Zabbix | =1.8.3-rc2 | |
Zabbix Zabbix | =1.6.3 | |
Zabbix Zabbix | =1.1-beta3 | |
Zabbix Zabbix | =1.3.1-beta | |
Zabbix Zabbix | =1.3.2-beta | |
Zabbix Zabbix | =1.6.2 | |
Zabbix Zabbix | =1.8.3-rc3 | |
Zabbix Zabbix | =1.7 | |
Zabbix Zabbix | =1.3.5-beta | |
Zabbix Zabbix | =1.1.7 | |
Zabbix Zabbix | =1.6 | |
Zabbix Zabbix | =1.6.7 | |
Zabbix Zabbix | =1.6.4 | |
Zabbix Zabbix | =1.1-beta9 | |
Zabbix Zabbix | =1.1-beta10 | |
Zabbix Zabbix | =1.3.8-beta | |
Zabbix Zabbix | =1.7.3 | |
Zabbix Zabbix | =1.1-beta6 | |
Zabbix Zabbix | =1.8.2 | |
Zabbix Zabbix | =1.3.6-beta | |
Zabbix Zabbix | =1.5.4-beta | |
Zabbix Zabbix | =1.1.1 | |
Zabbix Zabbix | =1.1-beta8 | |
Zabbix Zabbix | =1.8.3 | |
Zabbix Zabbix | =1.1-beta11 | |
Zabbix Zabbix | =1.1-beta7 | |
Zabbix Zabbix | =1.1.3 | |
Zabbix Zabbix | =1.8.1 | |
Zabbix Zabbix | =1.6.6 | |
Zabbix Zabbix | =1.6.9 | |
Zabbix Zabbix | =1.4.5 | |
Zabbix Zabbix | <=1.8.5 | |
Zabbix Zabbix | =1.3.4-beta | |
Zabbix Zabbix | =1.1-beta5 | |
Zabbix Zabbix | =1.8.4 | |
Zabbix Zabbix | =1.5-beta | |
Zabbix Zabbix | =1.4.2 | |
Zabbix Zabbix | =1.1-beta12 | |
Zabbix Zabbix | =1.8.4-rc2 | |
Zabbix Zabbix | =1.1.5 | |
Zabbix Zabbix | =1.5.2-beta | |
Zabbix Zabbix | =1.8.5-rc1 | |
Zabbix Zabbix | =1.3.3-beta | |
Zabbix Zabbix | =1.3-beta | |
redhat/zabbix | <1.8.6 | 1.8.6 |