Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | <= 1.8.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40679Vendor Advisory
- http://www.securityfocus.com/bid/42017
- http://www.vupen.com/english/advisories/2010/1908PatchVendor Advisory
- http://www.zabbix.com/forum/showthread.php?p=68770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
- https://support.zabbix.com/browse/ZBX-2326Vendor Advisory
- http://secunia.com/advisories/40679Vendor Advisory
- http://www.securityfocus.com/bid/42017
- http://www.vupen.com/english/advisories/2010/1908PatchVendor Advisory
- http://www.zabbix.com/forum/showthread.php?p=68770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
- https://support.zabbix.com/browse/ZBX-2326Vendor Advisory
FAQ
What is CVE-2010-2790?
CVE-2010-2790 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web...
How severe is CVE-2010-2790?
CVE-2010-2790 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2790?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.