Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-35230

Опубликовано: 06 июл. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 3.5
CVSS3: 3.7

Описание

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

1:6.0.29+dfsg-1
esm-apps/bionic

released

1:3.0.12+dfsg-1ubuntu0.1~esm4
esm-apps/focal

released

1:4.0.17+dfsg-1ubuntu0.1~esm2
esm-apps/jammy

released

1:5.0.17+dfsg-1ubuntu0.1~esm1
esm-apps/xenial

released

1:2.4.7+dfsg-2ubuntu2.1+esm4
esm-infra-legacy/trusty

released

1:2.2.2+dfsg-1ubuntu1+esm5
focal

ignored

end of standard support, was needed
impish

ignored

end of life
jammy

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%
0.00874
Низкий

3.5 Low

CVSS2

3.7 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-35230

CVSS3: 3.7
nvd
больше 3 лет назад

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

debian логотип

CVE-2022-35230

CVSS3: 3.7
debian
больше 3 лет назад

An authenticated user can create a link with reflected Javascript code ...

suse-cvrf логотип

SUSE-SU-2022:3101-1

suse-cvrf
больше 3 лет назад

Security update for zabbix

github логотип

GHSA-6f4g-hm4f-cqp3

CVSS3: 5.4
github
больше 3 лет назад

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

fstec логотип

BDU:2023-01712

CVSS3: 5.4
fstec
больше 3 лет назад

Уязвимость универсальной системы мониторинга Zabbix, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 75%
0.00874
Низкий

3.5 Low

CVSS2

3.7 Low

CVSS3