Every CVE whose affected-product data names Zabbix Frontend, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-32725 — CVSS 9.6 (critical): The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session…
CVE-2025-49643 — CVSS 6.5 (medium): An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted…
CVE-2023-29457 — CVSS 6.3 (medium): Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be…
CVE-2023-29456 — CVSS 5.7 (medium): URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure…
CVE-2023-29455 — CVSS 5.4 (medium): Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the…
CVE-2023-29454 — CVSS 5.4 (medium): Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then…
CVE-2022-43515 — CVSS 5.3 (medium): Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it…
CVE-2025-27232 — CVSS 4.9 (medium): An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential…
CVE-2023-30958 — CVSS 4.7 (medium): A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be…
CVE-2022-24349 — CVSS 4.6 (medium): An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has…
CVE-2022-24918 — CVSS 3.7 (low): An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload…
CVE-2022-24919 — CVSS 3.7 (low): An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload…
CVE-2022-24917 — CVSS 3.7 (low): An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The…