CVE-2010-2790
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.zabbix.com/forum/showthread.php?p=68770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
- http://www.vupen.com/english/advisories/2010/1908
- http://secunia.com/advisories/40679
- https://support.zabbix.com/browse/ZBX-2326
- http://www.securityfocus.com/bid/42017
References
- http://www.zabbix.com/forum/showthread.php?p=68770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
- http://www.vupen.com/english/advisories/2010/1908
- http://secunia.com/advisories/40679
- https://support.zabbix.com/browse/ZBX-2326
- http://www.securityfocus.com/bid/42017
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.