CVE-2011-4615

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.

How to fix CVE-2011-4615

To remediate CVE-2011-4615, upgrade the affected package to a fixed version below.

• Debian/zabbix—upgrade to 1:1.8.10-1 or later

Is CVE-2011-4615 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.8.10-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4615