VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2790

zabbix: Multiple cross-site scripting (XSS) vulnerabilities...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2790

Original

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-08-05

Source Information Category:

Advisory, Alert

Last Updated:

2010-08-05

Affected Product Tags

cpe:/a:zabbix:zabbix:1.1

cpe:/a:zabbix:zabbix:1.1.1

cpe:/a:zabbix:zabbix:1.1.2

cpe:/a:zabbix:zabbix:1.1.3

cpe:/a:zabbix:zabbix:1.1.4

cpe:/a:zabbix:zabbix:1.1.5

cpe:/a:zabbix:zabbix:1.1.6

cpe:/a:zabbix:zabbix:1.1.7

cpe:/a:zabbix:zabbix:1.1:beta10

cpe:/a:zabbix:zabbix:1.1:beta11

cpe:/a:zabbix:zabbix:1.1:beta12

cpe:/a:zabbix:zabbix:1.1:beta2

cpe:/a:zabbix:zabbix:1.1:beta3

cpe:/a:zabbix:zabbix:1.1:beta4

cpe:/a:zabbix:zabbix:1.1:beta5

cpe:/a:zabbix:zabbix:1.1:beta6

cpe:/a:zabbix:zabbix:1.1:beta7

cpe:/a:zabbix:zabbix:1.1:beta8

cpe:/a:zabbix:zabbix:1.1:beta9

cpe:/a:zabbix:zabbix:1.3.1:beta

cpe:/a:zabbix:zabbix:1.3.2:beta

cpe:/a:zabbix:zabbix:1.3.3:beta

cpe:/a:zabbix:zabbix:1.3.4:beta

cpe:/a:zabbix:zabbix:1.3.5:beta

cpe:/a:zabbix:zabbix:1.3.6:beta

cpe:/a:zabbix:zabbix:1.3.7:beta

cpe:/a:zabbix:zabbix:1.3.8:beta

cpe:/a:zabbix:zabbix:1.3:beta

cpe:/a:zabbix:zabbix:1.4.2

cpe:/a:zabbix:zabbix:1.4.3

cpe:/a:zabbix:zabbix:1.4.4

cpe:/a:zabbix:zabbix:1.4.5

cpe:/a:zabbix:zabbix:1.4.6

cpe:/a:zabbix:zabbix:1.5.1:beta

cpe:/a:zabbix:zabbix:1.5.2:beta

cpe:/a:zabbix:zabbix:1.5.3:beta

cpe:/a:zabbix:zabbix:1.5.4:beta

cpe:/a:zabbix:zabbix:1.5:beta

cpe:/a:zabbix:zabbix:1.6

cpe:/a:zabbix:zabbix:1.6.1

cpe:/a:zabbix:zabbix:1.6.2

cpe:/a:zabbix:zabbix:1.6.3

cpe:/a:zabbix:zabbix:1.6.4

cpe:/a:zabbix:zabbix:1.6.5

cpe:/a:zabbix:zabbix:1.6.6

cpe:/a:zabbix:zabbix:1.6.7

cpe:/a:zabbix:zabbix:1.6.8

cpe:/a:zabbix:zabbix:1.6.9

cpe:/a:zabbix:zabbix:1.7

cpe:/a:zabbix:zabbix:1.7.1

cpe:/a:zabbix:zabbix:1.7.2

cpe:/a:zabbix:zabbix:1.7.3

cpe:/a:zabbix:zabbix:1.7.4

cpe:/a:zabbix:zabbix:1.8

cpe:/a:zabbix:zabbix:1.8.1

cpe:/a:zabbix:zabbix:1.8.2 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 42017

CONFIRM http://www.zabbix.com/forum/showthread.php?p=68770

MISC https://support.zabbix.com/browse/ZBX-2326

SECUNIA 40679

VUPEN ADV-2010-1908

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)

XF zabbix-classcurl-xss(60772)