What is CVE-2023-29457?

CVE-2023-29457 is a vulnerability in Zabbix Frontend that allows for reflected XSS attacks.

Which software versions are affected by CVE-2023-29457?

Zabbix Frontend versions 4.0.0 to 4.0.45, 5.0.0 to 5.0.34, and 6.0.0 to 6.0.17 are affected.

What is the severity of CVE-2023-29457?

CVE-2023-29457 has a severity rating of 6.1 (medium).

How do I fix CVE-2023-29457?

To fix CVE-2023-29457, upgrade Zabbix Frontend to a version that is not affected (e.g., 4.0.46 or higher, 5.0.35 or higher, 6.0.18 or higher).

Vulnerability/
CVE-2023-29457

medium

6.3

CWE

79 20

13/7/2023

21/10/2024

CVE-2023-29457: Insufficient validation of Action form input fields

Q: How are reflected XSS attacks carried out?

Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser.

First published: Thu Jul 13 2023(Updated: )

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.

Credit: security@zabbix.com security@zabbix.com

Affected Software	Affected Version	How to fix
Zabbix Frontend	>=4.0.0<=4.0.45
Zabbix Frontend	>=6.0.0<=6.0.17
Zabbix Frontend	>=5.0.0<=5.0.34

Remedy

https://support.zabbix.com/browse/ZBX-22988

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-29457?
CVE-2023-29457 is a vulnerability in Zabbix Frontend that allows for reflected XSS attacks.
How are reflected XSS attacks carried out?
Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser.
Which software versions are affected by CVE-2023-29457?
Zabbix Frontend versions 4.0.0 to 4.0.45, 5.0.0 to 5.0.34, and 6.0.0 to 6.0.17 are affected.
What is the severity of CVE-2023-29457?
CVE-2023-29457 has a severity rating of 6.1 (medium).
How do I fix CVE-2023-29457?
To fix CVE-2023-29457, upgrade Zabbix Frontend to a version that is not affected (e.g., 4.0.46 or higher, 5.0.35 or higher, 6.0.18 or higher).

collector/nvd-latest
collector/nvd-index
agent/references
agent/author
agent/weakness
agent/type
agent/softwarecombine
agent/remedy
agent/description
collector/nvd-api
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/tags
agent/title
agent/first-publish-date
agent/event
vendor/zabbix
canonical/zabbix frontend
version/zabbix frontend/4.0.0
version/zabbix frontend/4.0.45
version/zabbix frontend/6.0.0
version/zabbix frontend/6.0.17
version/zabbix frontend/5.0.0
version/zabbix frontend/5.0.34

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.