First published: Thu Jul 13 2023
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when the “Other” tile provider is selected.
Credit: security@zabbix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zabbix Zabbix | >=6.0.0, <=6.0.17 | |
Zabbix Zabbix | =6.4.0 | |
Zabbix Zabbix | =6.4.0-rc1 | |
Zabbix Zabbix | =6.4.0-rc2 | |
Zabbix Zabbix | =6.4.0-rc3 | |
Zabbix Zabbix | =6.4.0-rc4 | |
Zabbix Zabbix | =6.4.1 | |
Zabbix Zabbix | =6.4.1-rc1 | |
Zabbix Zabbix | =6.4.1-rc2 | |
CVE-2023-29452 is a vulnerability in the Zabbix software that allows the use of HTML in the "Attribution text" field when the "Other" Tile provider is selected.
CVE-2023-29452 affects Zabbix versions 6.0.0 through 6.0.17, as well as the 6.4.0 and 6.4.1 releases and their release candidates listed in the table above.
CVE-2023-29452 has a severity score of 5.4, which is considered medium.
To fix CVE-2023-29452, it is recommended to update Zabbix to a version that is not affected by this vulnerability.
You can find more information about CVE-2023-29452 on the Zabbix support page: [link](https://support.zabbix.com/browse/ZBX-22981).