CVE-2011-4615: XSS
First published: Thu Dec 29 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zabbix Server | =1.6.1 | |
| Zabbix Server | =1.8.5 | |
| Zabbix Server | =1.1-beta2 | |
| Zabbix Server | =1.1.2 | |
| Zabbix Server | =1.8.4-rc3 | |
| Zabbix Server | =1.4 | |
| Zabbix Server | =1.8.8 | |
| Zabbix Server | =1.7.4 | |
| Zabbix Server | =1.5.3-beta | |
| Zabbix Server | =1.1.4 | |
| Zabbix Server | =1.1.6 | |
| Zabbix Server | =1.8.3-rc1 | |
| Zabbix Server | =1.8.7-rc1 | |
| Zabbix Server | =1.4.3 | |
| Zabbix Server | =1.8.4-rc1 | |
| Zabbix Server | =1.6.5 | |
| Zabbix Server | =1.4.6 | |
| Zabbix Server | =1.6.8 | |
| Zabbix Server | =1.8.9-rc2 | |
| Zabbix Server | =1.8.6-rc2 | |
| Zabbix Server | =1.8.6 | |
| Zabbix Server | =1.1-beta4 | |
| Zabbix Server | =1.7.1 | |
| Zabbix Server | =1.4.4 | |
| Zabbix Server | =1.5.1-beta | |
| Zabbix Server | =1.1 | |
| Zabbix Server | =1.3.7-beta | |
| Zabbix Server | =1.8.4-rc4 | |
| Zabbix Server | =1.7.2 | |
| Zabbix Server | =1.8 | |
| Zabbix Server | =1.8.3-rc2 | |
| Zabbix Server | =1.6.3 | |
| Zabbix Server | =1.1-beta3 | |
| Zabbix Server | =1.3.1-beta | |
| Zabbix Server | =1.3.2-beta | |
| Zabbix Server | =1.6.2 | |
| Zabbix Server | =1.8.3-rc3 | |
| Zabbix Server | =1.7 | |
| Zabbix Server | =1.3.5-beta | |
| Zabbix Server | =1.1.7 | |
| Zabbix Server | =1.6 | |
| Zabbix Server | =1.6.7 | |
| Zabbix Server | =1.6.4 | |
| Zabbix Server | =1.1-beta9 | |
| Zabbix Server | =1.1-beta10 | |
| Zabbix Server | =1.3.8-beta | |
| Zabbix Server | =1.7.3 | |
| Zabbix Server | =1.1-beta6 | |
| Zabbix Server | =1.8.2 | |
| Zabbix Server | =1.8.9-rc1 | |
| Zabbix Server | =1.8.6-rc1 | |
| Zabbix Server | =1.8.8-rc2 | |
| Zabbix Server | =1.3.6-beta | |
| Zabbix Server | =1.5.4-beta | |
| Zabbix Server | =1.8.8-rc3 | |
| Zabbix Server | =1.1.1 | |
| Zabbix Server | =1.8.3-rc4 | |
| Zabbix Server | =1.4.1 | |
| Zabbix Server | =1.8.9 | |
| Zabbix Server | =1.1-beta8 | |
| Zabbix Server | =1.8.3 | |
| Zabbix Server | =1.1-beta11 | |
| Zabbix Server | =1.1-beta7 | |
| Zabbix Server | =1.1.3 | |
| Zabbix Server | =1.8.1 | |
| Zabbix Server | =1.6.6 | |
| Zabbix Server | =1.6.9 | |
| Zabbix Server | =1.4.5 | |
| Zabbix Server | <=1.8.10 | |
| Zabbix Server | =1.3.4-beta | |
| Zabbix Server | =1.8.8-rc1 | |
| Zabbix Server | =1.1-beta5 | |
| Zabbix Server | =1.8.4 | |
| Zabbix Server | =1.5-beta | |
| Zabbix Server | =1.8.10-rc1 | |
| Zabbix Server | =1.4.2 | |
| Zabbix Server | =1.1-beta12 | |
| Zabbix Server | =1.8.4-rc2 | |
| Zabbix Server | =1.1.5 | |
| Zabbix Server | =1.5.2-beta | |
| Zabbix Server | =1.8.5-rc1 | |
| Zabbix Server | =1.3.3-beta | |
| Zabbix Server | =1.3-beta | |
| Zabbix Server | =1.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/47216
- https://support.zabbix.com/browse/ZBX-4015
- http://osvdb.org/77771
- http://www.zabbix.com/rn1.8.10.php
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html
- http://www.securityfocus.com/bid/51093
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71855
Frequently Asked Questions
What is the severity of CVE-2011-4615?
CVE-2011-4615 is classified as a medium vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2011-4615?
To fix CVE-2011-4615, upgrade Zabbix to version 1.8.10 or later, which addresses the identified vulnerabilities.
What versions of Zabbix are affected by CVE-2011-4615?
CVE-2011-4615 affects Zabbix versions prior to 1.8.10 including several versions from 1.1 to 1.8.9.
What changes were made to resolve CVE-2011-4615?
Updates made to resolve CVE-2011-4615 included input validation and escaping for the affected parameters to prevent XSS.
Can CVE-2011-4615 be exploited remotely?
Yes, CVE-2011-4615 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/zabbix
- canonical/zabbix server
- version/zabbix server/1.6.1
- version/zabbix server/1.8.5
- version/zabbix server/1.1-beta2
- version/zabbix server/1.1.2
- version/zabbix server/1.8.4-rc3
- version/zabbix server/1.4
- version/zabbix server/1.8.8
- version/zabbix server/1.7.4
- version/zabbix server/1.5.3-beta
- version/zabbix server/1.1.4
- version/zabbix server/1.1.6
- version/zabbix server/1.8.3-rc1
- version/zabbix server/1.8.7-rc1
- version/zabbix server/1.4.3
- version/zabbix server/1.8.4-rc1
- version/zabbix server/1.6.5
- version/zabbix server/1.4.6
- version/zabbix server/1.6.8
- version/zabbix server/1.8.9-rc2
- version/zabbix server/1.8.6-rc2
- version/zabbix server/1.8.6
- version/zabbix server/1.1-beta4
- version/zabbix server/1.7.1
- version/zabbix server/1.4.4
- version/zabbix server/1.5.1-beta
- version/zabbix server/1.1
- version/zabbix server/1.3.7-beta
- version/zabbix server/1.8.4-rc4
- version/zabbix server/1.7.2
- version/zabbix server/1.8
- version/zabbix server/1.8.3-rc2
- version/zabbix server/1.6.3
- version/zabbix server/1.1-beta3
- version/zabbix server/1.3.1-beta
- version/zabbix server/1.3.2-beta
- version/zabbix server/1.6.2
- version/zabbix server/1.8.3-rc3
- version/zabbix server/1.7
- version/zabbix server/1.3.5-beta
- version/zabbix server/1.1.7
- version/zabbix server/1.6
- version/zabbix server/1.6.7
- version/zabbix server/1.6.4
- version/zabbix server/1.1-beta9
- version/zabbix server/1.1-beta10
- version/zabbix server/1.3.8-beta
- version/zabbix server/1.7.3
- version/zabbix server/1.1-beta6
- version/zabbix server/1.8.2
- version/zabbix server/1.8.9-rc1
- version/zabbix server/1.8.6-rc1
- version/zabbix server/1.8.8-rc2
- version/zabbix server/1.3.6-beta
- version/zabbix server/1.5.4-beta
- version/zabbix server/1.8.8-rc3
- version/zabbix server/1.1.1
- version/zabbix server/1.8.3-rc4
- version/zabbix server/1.4.1
- version/zabbix server/1.8.9
- version/zabbix server/1.1-beta8
- version/zabbix server/1.8.3
- version/zabbix server/1.1-beta11
- version/zabbix server/1.1-beta7
- version/zabbix server/1.1.3
- version/zabbix server/1.8.1
- version/zabbix server/1.6.6
- version/zabbix server/1.6.9
- version/zabbix server/1.4.5
- version/zabbix server/1.8.10
- version/zabbix server/1.3.4-beta
- version/zabbix server/1.8.8-rc1
- version/zabbix server/1.1-beta5
- version/zabbix server/1.8.4
- version/zabbix server/1.5-beta
- version/zabbix server/1.8.10-rc1
- version/zabbix server/1.4.2
- version/zabbix server/1.1-beta12
- version/zabbix server/1.8.4-rc2
- version/zabbix server/1.1.5
- version/zabbix server/1.5.2-beta
- version/zabbix server/1.8.5-rc1
- version/zabbix server/1.3.3-beta
- version/zabbix server/1.3-beta
- version/zabbix server/1.8.7