Headline
CVE-2023-29455: [ZBX-22986] Reflected XSS in several fields of graph form (CVE-2023-29455)
Mitre ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29455
CVSS score
5.4
Severity
Medium
Summary
Reflected XSS in several fields of graph form
Description
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
Known attack vectors
Using this vulnerability, an attacker can pass malicious code in a GET request to graph.php; the system will save it and execute it when the current graph page is opened.
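A defender-side triage check for the vector described above, added here as an example and not part of the Zabbix advisory: it scans web server access logs for GET requests to graph.php whose query parameters decode to HTML markup. The Combined Log Format layout, the parameter names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Triage heuristic: characters and tokens needed to leave an HTML attribute
# or element context. Quotes can appear in legitimate names, so review hits.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_graph_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each GET request
    to graph.php whose query parameters carry HTML markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue
        target = urlsplit(match.group("target"))
        if not target.path.endswith("/graph.php"):
            continue
        # parse_qsl decodes one layer; fully_decode removes any further layers.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                hits.append((number, name, decoded))
    return hits


# Constructed sample log lines; paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2023:10:00:00 +0000] "GET /zabbix/graph.php?form=update&graphid=612&name=CPU+load HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jul/2023:10:02:11 +0000] "GET /zabbix/graph.php?form=update&graphid=612&name=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 5188',
    '198.51.100.9 - - [01/Jul/2023:10:02:40 +0000] "GET /zabbix/graph.php?form=update&width=%2522%253E%253Cb%253E HTTP/1.1" 200 5190',
    '198.51.100.7 - - [01/Jul/2023:10:03:05 +0000] "GET /zabbix/items.php?filter_name=disk HTTP/1.1" 200 9011',
]

if __name__ == "__main__":
    for hit in suspicious_graph_requests(SAMPLE_LOG):
        print(hit)
```

Hits on unpatched versions (the advisory lists 4.0.45 and 5.0.33 as affected) are worth correlating with the sessions of users who later opened the same graph page.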
Patch provided
No
Component/s
Frontend
Affected version/s and fix version/s
· Affected: 4.0.45, 5.0.33
· Fix: 4.0.46rc1, 5.0.35rc1
Fix compatibility tests
-
Resolution
fixed
Workarounds
None
Acknowledgements