CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

*   **Type: ** Defect (Security)
    
*   **Status:** Closed
    
*   **Priority: ** Trivial
    
*   **Resolution:** Fixed
    
*   **Affects Version/s:** 4.0.21rc1, 5.0.1rc1
    

*   **Sprint:**
    
    Sprint 66 (Jul 2020)
    

1.  Add in to zabbix defines configuration to use iFrame sandbox parameter
    1.  On by default
    2.  Update documentation on https://www.zabbix.com/documentation/current/manual/installation/requirements/best\_practices
2.  Add sandbox parameter to URL widget iframe

As a separate change will be refactoring of definex.inc to allow user override defines without reset the values on update. 

causes

 ZBXNEXT-82 support of 'local' config files

*   
*   Closed

Headline

CVE-2020-15803: [ZBX-18057] Stored Cross Site Scripting attack on URL widget (CVE-2020-15803)

CVE: Latest News