The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HZabbix Frontend
APPZabbix7.0.06.0.0 – 6.0.216.4.0 – 6.4.6Zabbix Server
APPZabbix7.0.06.0.0 – 6.0.216.4.0 – 6.4.6
Related vulnerabilities
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the we...
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by ...
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malici...
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks...
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a ...