What is CVE-2020-15803?

CVE-2020-15803 is a vulnerability that allows stored XSS in the URL Widget in Zabbix before version 3.0.32rc1, 4.x before version 4.0.22rc1, 4.1.x through 4.4.x before version 4.4.10rc1, and 5.x before version 5.0.2rc1.

How severe is CVE-2020-15803?

CVE-2020-15803 has a severity rating of 6.1 (medium).

How does CVE-2020-15803 affect Zabbix?

CVE-2020-15803 affects Zabbix versions before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1.

What is the Common Weakness Enumeration (CWE) for CVE-2020-15803?

The Common Weakness Enumeration (CWE) for CVE-2020-15803 is CWE-79.

Where can I find more information about CVE-2020-15803?

You can find more information about CVE-2020-15803 in the following references: [1] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html [2] https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html [3] https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html

Vulnerability/
CVE-2020-15803

medium

6.1

CWE

17/7/2020

4/8/2024

CVE-2020-15803: XSS

First published: Fri Jul 17 2020(Updated: )

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zabbix Zabbix	<=3.0.31
Zabbix Zabbix	>=4.0.0<=4.0.21
Zabbix Zabbix	>=4.4<=4.4.9
Zabbix Zabbix	>=5.0.0<=5.0.1
Zabbix Zabbix	=3.0.32-rc1
Zabbix Zabbix	=4.0.22
Zabbix Zabbix	=4.0.22-rc1
Zabbix Zabbix	=4.4.10
Zabbix Zabbix	=4.4.10-rc1
Zabbix Zabbix	=5.0.2
Zabbix Zabbix	=5.0.2-rc1
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
Debian Debian Linux	=9.0
Opensuse Backports	=sle-15-sp1
Opensuse Backports	=sle-15-sp2
openSUSE Leap	=15.1
openSUSE Leap	=15.2

Remedy

https://support.zabbix.com/browse/ZBX-18057

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-15803?
CVE-2020-15803 is a vulnerability that allows stored XSS in the URL Widget in Zabbix before version 3.0.32rc1, 4.x before version 4.0.22rc1, 4.1.x through 4.4.x before version 4.4.10rc1, and 5.x before version 5.0.2rc1.
How severe is CVE-2020-15803?
CVE-2020-15803 has a severity rating of 6.1 (medium).
How does CVE-2020-15803 affect Zabbix?
CVE-2020-15803 affects Zabbix versions before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1.
What is the Common Weakness Enumeration (CWE) for CVE-2020-15803?
The Common Weakness Enumeration (CWE) for CVE-2020-15803 is CWE-79.
Where can I find more information about CVE-2020-15803?
You can find more information about CVE-2020-15803 in the following references: [1] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html [2] https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html [3] https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html

collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/tags
collector/mitre-cve
source/MITRE
vendor/zabbix
canonical/zabbix zabbix
version/zabbix zabbix/3.0.31
version/zabbix zabbix/4.0.0
version/zabbix zabbix/4.0.21
version/zabbix zabbix/4.4
version/zabbix zabbix/4.4.9
version/zabbix zabbix/5.0.0
version/zabbix zabbix/5.0.1
version/zabbix zabbix/3.0.32-rc1
version/zabbix zabbix/4.0.22
version/zabbix zabbix/4.0.22-rc1
version/zabbix zabbix/4.4.10
version/zabbix zabbix/4.4.10-rc1
version/zabbix zabbix/5.0.2
version/zabbix zabbix/5.0.2-rc1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/sle-15-sp1
version/opensuse backports/sle-15-sp2
canonical/opensuse leap
version/opensuse leap/15.1
version/opensuse leap/15.2