zabbix frontend
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-49643
Affected versions: >= 6.0.0 and < 6.0.42
CVSS: 6.5 (MEDIUM)
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially cr

CVE-2025-27232
Affected versions: >= 7.4.0 and < 7.4.3
CVSS: 4.9 (MEDIUM)
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to p

CVE-2023-32725
Affected versions: >= 6.0.0 and <= 6.0.21
CVSS: 9.6 (CRITICAL)
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received s

CVE-2023-30958
Affected versions: < 6.225.0
CVSS: 4.7 (MEDIUM)
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP we

CVE-2023-29457
Affected versions: >= 4.0.0 and <= 4.0.45
CVSS: 6.3 (MEDIUM)
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be

CVE-2023-29456
Affected versions: >= 4.0.0 and <= 4.0.46
CVSS: 5.7 (MEDIUM)
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can

CVE-2023-29455
Affected versions: >= 4.0.0 and <= 4.0.45
CVSS: 5.4 (MEDIUM)
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to t

CVE-2023-29454
Affected versions: >= 4.0.0 and <= 4.0.45
CVSS: 5.4 (MEDIUM)
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application

CVE-2022-43515
Affected versions: >= 4.0.0 and <= 4.0.44
CVSS: 5.3 (MEDIUM)
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can a

CVE-2022-24919
Affected versions: >= 4.0.0 and <= 4.0.38
CVSS: 3.7 (LOW)
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Th

CVE-2022-24918
Affected versions: >= 5.0.0 and <= 5.0.20
CVSS: 3.7 (LOW)
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The

CVE-2022-24917
Affected versions: >= 4.0.0 and <= 4.0.38
CVSS: 3.7 (LOW)
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.

CVE-2022-24349
Affected versions: >= 4.0.0 and <= 4.0.38
CVSS: 4.6 (MEDIUM)
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious cod
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin